Update March 2023
parent 2d4f99a727
commit 64ae3fb88d
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,12 +21,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [128.90.106.22](https://vuldb.com/?ip.128.90.106.22) | undefined.hostname.localhost | - | High
|
||||
2 | [128.90.107.21](https://vuldb.com/?ip.128.90.107.21) | undefined.hostname.localhost | - | High
|
||||
3 | [128.90.107.189](https://vuldb.com/?ip.128.90.107.189) | undefined.hostname.localhost | - | High
|
||||
1 | [46.246.12.6](https://vuldb.com/?ip.46.246.12.6) | c-46-246-12-6.ip4.frootvpn.com | - | High
|
||||
2 | [46.246.86.3](https://vuldb.com/?ip.46.246.86.3) | c-46-246-86-3.ip4.frootvpn.com | - | High
|
||||
3 | [128.90.106.22](https://vuldb.com/?ip.128.90.106.22) | undefined.hostname.localhost | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more IOC items available. Please use our online service to access the data.
|
||||
There are 8 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
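Review bot: The two rows that now lead the IOC table have hostnames under `ip4.frootvpn.com`, which look like shared VPN exit addresses, yet they are rated Confidence High with Campaign `-`. An address shared by many unrelated users is a weak indicator on its own, so consider lowering the confidence or adding a column that marks shared or anonymizing infrastructure, so consumers do not block on these rows alone. Separately, `undefined.hostname.localhost` in the Hostname column is a placeholder rather than a resolved name; `-`, as already used in the Campaign column, would be clearer.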
@ -34,10 +34,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
|
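Review bot: Row 4 (T1059) keeps the description "Cross Site Scripting" in both versions, while its weakness list is CWE-94, CWE-1321 and, in the second version, CWE-88. None of these is the cross-site scripting weakness, and row 5 (T1059.007, CWE-79, CWE-80) already carries that description. Suggest giving row 4 a description that matches the weaknesses listed, so the two rows are not read as duplicates.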
@ -50,43 +50,43 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `.htaccess` | Medium
|
||||
3 | File | `/Admin/add-student.php` | High
|
||||
4 | File | `/admin/api/admin/articles/` | High
|
||||
5 | File | `/admin/conferences/list/` | High
|
||||
6 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
7 | File | `/admin/generalsettings.php` | High
|
||||
8 | File | `/Admin/login.php` | High
|
||||
9 | File | `/admin/payment.php` | High
|
||||
10 | File | `/admin/reports.php` | High
|
||||
11 | File | `/admin/showbad.php` | High
|
||||
12 | File | `/admin_page/all-files-update-ajax.php` | High
|
||||
13 | File | `/apilog.php` | Medium
|
||||
14 | File | `/cgi-bin/kerbynet` | High
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
16 | File | `/connectors/index.php` | High
|
||||
17 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
18 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
19 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/hrm/employeeadd.php` | High
|
||||
22 | File | `/hrm/employeeview.php` | High
|
||||
23 | File | `/index.php` | Medium
|
||||
24 | File | `/info.cgi` | Medium
|
||||
25 | File | `/Items/*/RemoteImages/Download` | High
|
||||
26 | File | `/items/view_item.php` | High
|
||||
27 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
28 | File | `/lists/admin/` | High
|
||||
2 | File | `/Admin/add-student.php` | High
|
||||
3 | File | `/admin/api/admin/articles/` | High
|
||||
4 | File | `/admin/conferences/list/` | High
|
||||
5 | File | `/admin/generalsettings.php` | High
|
||||
6 | File | `/Admin/login.php` | High
|
||||
7 | File | `/admin/payment.php` | High
|
||||
8 | File | `/admin/reports.php` | High
|
||||
9 | File | `/admin/showbad.php` | High
|
||||
10 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
11 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
12 | File | `/apilog.php` | Medium
|
||||
13 | File | `/bin/httpd` | Medium
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/connectors/index.php` | High
|
||||
16 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
18 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
21 | File | `/fos/admin/index.php?page=menu` | High
|
||||
22 | File | `/home/masterConsole` | High
|
||||
23 | File | `/home/sendBroadcast` | High
|
||||
24 | File | `/hrm/employeeadd.php` | High
|
||||
25 | File | `/hrm/employeeview.php` | High
|
||||
26 | File | `/index.php` | Medium
|
||||
27 | File | `/items/view_item.php` | High
|
||||
28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
29 | File | `/lookin/info` | Medium
|
||||
30 | File | `/MagickCore/image.c` | High
|
||||
31 | File | `/manager/index.php` | High
|
||||
32 | File | `/medical/inventories.php` | High
|
||||
33 | File | `/mgmt/tm/util/bash` | High
|
||||
34 | File | `/modules/profile/index.php` | High
|
||||
35 | File | `/modules/projects/vw_files.php` | High
|
||||
36 | File | `/modules/public/calendar.php` | High
|
||||
37 | File | `/newsDia.php` | Medium
|
||||
38 | File | `/out.php` | Medium
|
||||
30 | File | `/manager/index.php` | High
|
||||
31 | File | `/medical/inventories.php` | High
|
||||
32 | File | `/modules/profile/index.php` | High
|
||||
33 | File | `/modules/projects/vw_files.php` | High
|
||||
34 | File | `/modules/public/calendar.php` | High
|
||||
35 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
36 | File | `/newsDia.php` | Medium
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/php-opos/index.php` | High
|
||||
39 | File | `/proxy` | Low
|
||||
40 | File | `/public/launchNewWindow.jsp` | High
|
||||
41 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
|
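Review bot: Almost every row in this hunk is rewritten only because the ID column is a positional counter: `/Admin/login.php` is ID 8 in one version and ID 6 in the other, and `/index.php` moves from 23 to 26. An ID therefore does not identify an indicator across revisions, and the real additions and removals (for example `.htaccess`, `/cgi-bin/kerbynet`, `/bin/httpd`) are hard to spot among the renumbered lines. Suggest dropping the counter or replacing it with a stable key, and stating above the table that the ID is positional if it stays.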
@ -96,27 +96,29 @@ ID | Type | Indicator | Confidence
|
|||
45 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
46 | File | `/staff/bookdetails.php` | High
|
||||
47 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||
48 | File | `/user/update_booking.php` | High
|
||||
49 | File | `/WEB-INF/web.xml` | High
|
||||
50 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
51 | File | `/Wedding-Management/package_detail.php` | High
|
||||
52 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
53 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
54 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
55 | File | `AbstractScheduleJob.java` | High
|
||||
56 | File | `actionphp/download.File.php` | High
|
||||
57 | File | `AdClass.php` | Medium
|
||||
58 | File | `adclick.php` | Medium
|
||||
59 | File | `addtocart.asp` | High
|
||||
60 | File | `admin.php` | Medium
|
||||
61 | ... | ... | ...
|
||||
48 | File | `/uncpath/` | Medium
|
||||
49 | File | `/user/update_booking.php` | High
|
||||
50 | File | `/WEB-INF/web.xml` | High
|
||||
51 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
52 | File | `/wireless/security.asp` | High
|
||||
53 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
54 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
55 | File | `01article.php` | High
|
||||
56 | File | `AbstractScheduleJob.java` | High
|
||||
57 | File | `actionphp/download.File.php` | High
|
||||
58 | File | `AdClass.php` | Medium
|
||||
59 | File | `adclick.php` | Medium
|
||||
60 | File | `addtocart.asp` | High
|
||||
61 | File | `admin.php` | Medium
|
||||
62 | ... | ... | ...
|
||||
|
||||
There are 533 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 539 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia
|
||||
* https://web.archive.org/web/20190625182633if_/https://ti.360.net/blog/articles/apt-c-36-continuous-attacks-targeting-colombian-government-institutions-and-corporations-en/
|
||||
|
||||
## Literature
|
||||
|
|
|
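Review bot: Row 45, in the context lines at the top of this hunk, is typed File but its value `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` is a path plus a URL-encoded input value, and the footer below lists "input value" as its own IOA type. Matching the row as written depends on one exact encoding of the parameter. Suggest splitting it into a File row for the path and a separate input-value row, so the path can be matched on its own.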
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -115,7 +115,7 @@ ID | Type | Indicator | Confidence
|
|||
30 | File | `adclick.php` | Medium
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 265 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 260 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -68,38 +68,38 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/config/getuser` | High
|
||||
6 | File | `/etc/ajenti/config.yml` | High
|
||||
7 | File | `/etc/shadow` | Medium
|
||||
8 | File | `/goform/telnet` | High
|
||||
9 | File | `/infusions/shoutbox_panel/shoutbox_admin.php` | High
|
||||
10 | File | `/lan.asp` | Medium
|
||||
11 | File | `/modules/profile/index.php` | High
|
||||
12 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
13 | File | `/oscommerce/admin/currencies.php` | High
|
||||
14 | File | `/proc/pid/syscall` | High
|
||||
15 | File | `/rapi/read_url` | High
|
||||
16 | File | `/rom-0` | Low
|
||||
17 | File | `/session/list/allActiveSession` | High
|
||||
18 | File | `/SysInfo.htm` | Medium
|
||||
19 | File | `/syslog_rules` | High
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/upload` | Low
|
||||
22 | File | `/users/{id}` | Medium
|
||||
23 | File | `/var/tmp/sess_*` | High
|
||||
24 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
25 | File | `/video` | Low
|
||||
26 | File | `actionphp/download.File.php` | High
|
||||
27 | File | `ActivityManagerService.java` | High
|
||||
28 | File | `adaptmap_reg.c` | High
|
||||
29 | File | `add_comment.php` | High
|
||||
30 | File | `admin.cgi` | Medium
|
||||
31 | File | `admin.php` | Medium
|
||||
32 | File | `admin.php?action=files` | High
|
||||
33 | File | `admin/admin.php` | High
|
||||
34 | File | `admin/content.php` | High
|
||||
35 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
|
||||
36 | File | `admin/modules/master_file/rda_cmc.php?keywords` | High
|
||||
37 | File | `admin_gallery.php3` | High
|
||||
38 | File | `affich.php` | Medium
|
||||
39 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
||||
8 | File | `/forum/away.php` | High
|
||||
9 | File | `/goform/telnet` | High
|
||||
10 | File | `/infusions/shoutbox_panel/shoutbox_admin.php` | High
|
||||
11 | File | `/lan.asp` | Medium
|
||||
12 | File | `/modules/profile/index.php` | High
|
||||
13 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
14 | File | `/oscommerce/admin/currencies.php` | High
|
||||
15 | File | `/proc/pid/syscall` | High
|
||||
16 | File | `/rapi/read_url` | High
|
||||
17 | File | `/rom-0` | Low
|
||||
18 | File | `/session/list/allActiveSession` | High
|
||||
19 | File | `/SysInfo.htm` | Medium
|
||||
20 | File | `/syslog_rules` | High
|
||||
21 | File | `/uncpath/` | Medium
|
||||
22 | File | `/upload` | Low
|
||||
23 | File | `/users/{id}` | Medium
|
||||
24 | File | `/var/tmp/sess_*` | High
|
||||
25 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
26 | File | `/video` | Low
|
||||
27 | File | `actionphp/download.File.php` | High
|
||||
28 | File | `ActivityManagerService.java` | High
|
||||
29 | File | `adaptmap_reg.c` | High
|
||||
30 | File | `add_comment.php` | High
|
||||
31 | File | `admin.cgi` | Medium
|
||||
32 | File | `admin.php` | Medium
|
||||
33 | File | `admin.php?action=files` | High
|
||||
34 | File | `admin/admin.php` | High
|
||||
35 | File | `admin/content.php` | High
|
||||
36 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
|
||||
37 | File | `admin/modules/master_file/rda_cmc.php?keywords` | High
|
||||
38 | File | `admin_gallery.php3` | High
|
||||
39 | File | `affich.php` | Medium
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 342 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
|
|
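Review bot: The indicators in this table use three different notations for a variable path segment: `/proc/pid/syscall` (bare word), `/users/{id}` (braces) and `/var/tmp/sess_*` (glob). A consumer turning these rows into match patterns cannot tell a literal segment from a placeholder. Suggest settling on one notation and documenting it next to the table header.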
@ -133,7 +133,7 @@ ID | Type | Indicator | Confidence
|
|||
26 | File | `/RestAPI` | Medium
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 227 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 229 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -64,11 +64,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -84,35 +83,35 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/api/v2/cli/commands` | High
|
||||
5 | File | `/app/options.py` | High
|
||||
6 | File | `/attachments` | Medium
|
||||
7 | File | `/bsms/?page=manage_account` | High
|
||||
8 | File | `/bsms_ci/index.php/book` | High
|
||||
9 | File | `/cgi-bin/login.cgi` | High
|
||||
10 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
11 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
12 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
13 | File | `/dashboard/reports/logs/view` | High
|
||||
14 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
15 | File | `/debug/pprof` | Medium
|
||||
16 | File | `/etc/hosts` | Medium
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/goform/setmac` | High
|
||||
19 | File | `/goform/wizard_end` | High
|
||||
20 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
21 | File | `/index/jobfairol/show/` | High
|
||||
22 | File | `/librarian/bookdetails.php` | High
|
||||
23 | File | `/manage-apartment.php` | High
|
||||
24 | File | `/medicines/profile.php` | High
|
||||
25 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
26 | File | `/pages/apply_vacancy.php` | High
|
||||
27 | File | `/proc/<PID>/mem` | High
|
||||
28 | File | `/project/PROJECTNAME/reports/` | High
|
||||
29 | File | `/proxy` | Low
|
||||
30 | File | `/spip.php` | Medium
|
||||
31 | File | `/tmp` | Low
|
||||
32 | File | `/uncpath/` | Medium
|
||||
7 | File | `/bsms_ci/index.php/book` | High
|
||||
8 | File | `/cgi-bin/login.cgi` | High
|
||||
9 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
10 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
11 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
12 | File | `/dashboard/reports/logs/view` | High
|
||||
13 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
14 | File | `/debug/pprof` | Medium
|
||||
15 | File | `/etc/hosts` | Medium
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/goform/setmac` | High
|
||||
18 | File | `/goform/wizard_end` | High
|
||||
19 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
20 | File | `/index/jobfairol/show/` | High
|
||||
21 | File | `/librarian/bookdetails.php` | High
|
||||
22 | File | `/manage-apartment.php` | High
|
||||
23 | File | `/medicines/profile.php` | High
|
||||
24 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
25 | File | `/pages/apply_vacancy.php` | High
|
||||
26 | File | `/proc/<PID>/mem` | High
|
||||
27 | File | `/project/PROJECTNAME/reports/` | High
|
||||
28 | File | `/proxy` | Low
|
||||
29 | File | `/spip.php` | Medium
|
||||
30 | File | `/tmp` | Low
|
||||
31 | File | `/uncpath/` | Medium
|
||||
32 | File | `/upload` | Low
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 279 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 286 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -75,36 +75,37 @@ ID | Type | Indicator | Confidence
|
|||
17 | File | `/ctcprotocol/Protocol` | High
|
||||
18 | File | `/dashboard/menu-list.php` | High
|
||||
19 | File | `/data/remove` | Medium
|
||||
20 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/goforms/rlminfo` | High
|
||||
23 | File | `/Items/*/RemoteImages/Download` | High
|
||||
24 | File | `/login` | Low
|
||||
25 | File | `/menu.html` | Medium
|
||||
26 | File | `/navigate/navigate_download.php` | High
|
||||
27 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
28 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
29 | File | `/out.php` | Medium
|
||||
30 | File | `/owa/auth/logon.aspx` | High
|
||||
31 | File | `/password.html` | High
|
||||
32 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
33 | File | `/proc/ioports` | High
|
||||
34 | File | `/property-list/property_view.php` | High
|
||||
35 | File | `/ptms/classes/Users.php` | High
|
||||
36 | File | `/resources//../` | High
|
||||
37 | File | `/rest/api/2/search` | High
|
||||
38 | File | `/s/` | Low
|
||||
39 | File | `/scripts/cpan_config` | High
|
||||
40 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
41 | File | `/services/system/setup.json` | High
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/sys/dict/queryTableData` | High
|
||||
44 | File | `/tmp` | Low
|
||||
45 | File | `/uncpath/` | Medium
|
||||
46 | File | `/vloggers_merch/?p=view_product` | High
|
||||
47 | File | `/webconsole/APIController` | High
|
||||
48 | File | `/websocket/exec` | High
|
||||
49 | ... | ... | ...
|
||||
20 | File | `/ebics-server/ebics.aspx` | High
|
||||
21 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/goforms/rlminfo` | High
|
||||
24 | File | `/Items/*/RemoteImages/Download` | High
|
||||
25 | File | `/login` | Low
|
||||
26 | File | `/menu.html` | Medium
|
||||
27 | File | `/navigate/navigate_download.php` | High
|
||||
28 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
29 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
30 | File | `/out.php` | Medium
|
||||
31 | File | `/owa/auth/logon.aspx` | High
|
||||
32 | File | `/password.html` | High
|
||||
33 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
34 | File | `/proc/ioports` | High
|
||||
35 | File | `/property-list/property_view.php` | High
|
||||
36 | File | `/ptms/classes/Users.php` | High
|
||||
37 | File | `/resources//../` | High
|
||||
38 | File | `/rest/api/2/search` | High
|
||||
39 | File | `/s/` | Low
|
||||
40 | File | `/scripts/cpan_config` | High
|
||||
41 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
42 | File | `/services/system/setup.json` | High
|
||||
43 | File | `/spip.php` | Medium
|
||||
44 | File | `/sys/dict/queryTableData` | High
|
||||
45 | File | `/tmp` | Low
|
||||
46 | File | `/uncpath/` | Medium
|
||||
47 | File | `/vloggers_merch/?p=view_product` | High
|
||||
48 | File | `/webconsole/APIController` | High
|
||||
49 | File | `/websocket/exec` | High
|
||||
50 | ... | ... | ...
|
||||
|
||||
There are 430 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [NO](https://vuldb.com/?country.no)
|
||||
* [SG](https://vuldb.com/?country.sg)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
@ -74,7 +74,7 @@ ID | Type | Indicator | Confidence
|
|||
13 | File | `bb_usage_stats.php` | High
|
||||
14 | ... | ... | ...
|
||||
|
||||
There are 109 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 112 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 26 more country items available. Please use our online service to access the data.
|
||||
There are 27 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -69,7 +69,7 @@ ID | Type | Indicator | Confidence
|
|||
13 | File | `/var/log/nginx` | High
|
||||
14 | ... | ... | ...
|
||||
|
||||
There are 106 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 108 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -80,49 +80,50 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/api/blade-log/api/list` | High
|
||||
3 | File | `/api/trackedEntityInstances` | High
|
||||
4 | File | `/application/common.php#action_log` | High
|
||||
5 | File | `/category_view.php` | High
|
||||
6 | File | `/cgi-bin/portal` | High
|
||||
7 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
8 | File | `/common/download?filename=1.jsp&delete=false` | High
|
||||
9 | File | `/csms/?page=contact_us` | High
|
||||
10 | File | `/debug` | Low
|
||||
11 | File | `/debug/pprof` | Medium
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/goform/PowerSaveSet` | High
|
||||
14 | File | `/include/make.php` | High
|
||||
15 | File | `/index.php` | Medium
|
||||
16 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
17 | File | `/lists/admin/` | High
|
||||
18 | File | `/login.cgi?logout=1` | High
|
||||
19 | File | `/medical/inventories.php` | High
|
||||
20 | File | `/members/view_member.php` | High
|
||||
21 | File | `/mgmt/tm/util/bash` | High
|
||||
22 | File | `/module/admin_logs` | High
|
||||
23 | File | `/nova/bin/console` | High
|
||||
24 | File | `/owa/auth/logon.aspx` | High
|
||||
25 | File | `/plesk-site-preview/` | High
|
||||
26 | File | `/public/login.htm` | High
|
||||
27 | File | `/public/plugins/` | High
|
||||
28 | File | `/replication` | Medium
|
||||
29 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
30 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
31 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
32 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
33 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
34 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
35 | File | `/start-stop` | Medium
|
||||
36 | File | `/start_apply.htm` | High
|
||||
37 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
|
||||
38 | File | `/tmp/app/.env` | High
|
||||
39 | File | `/uncpath/` | Medium
|
||||
40 | File | `/upload` | Low
|
||||
41 | File | `/usr/bin/pkexec` | High
|
||||
42 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
43 | File | `/WEB-INF/web.xml` | High
|
||||
44 | File | `/wp-admin/admin-ajax.php` | High
|
||||
45 | ... | ... | ...
|
||||
5 | File | `/baseOpLog.do` | High
|
||||
6 | File | `/category_view.php` | High
|
||||
7 | File | `/cgi-bin/portal` | High
|
||||
8 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
9 | File | `/common/download?filename=1.jsp&delete=false` | High
|
||||
10 | File | `/csms/?page=contact_us` | High
|
||||
11 | File | `/debug` | Low
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/goform/PowerSaveSet` | High
|
||||
15 | File | `/include/make.php` | High
|
||||
16 | File | `/index.php` | Medium
|
||||
17 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
18 | File | `/lists/admin/` | High
|
||||
19 | File | `/login.cgi?logout=1` | High
|
||||
20 | File | `/medical/inventories.php` | High
|
||||
21 | File | `/members/view_member.php` | High
|
||||
22 | File | `/mgmt/tm/util/bash` | High
|
||||
23 | File | `/module/admin_logs` | High
|
||||
24 | File | `/nova/bin/console` | High
|
||||
25 | File | `/owa/auth/logon.aspx` | High
|
||||
26 | File | `/plesk-site-preview/` | High
|
||||
27 | File | `/public/login.htm` | High
|
||||
28 | File | `/public/plugins/` | High
|
||||
29 | File | `/replication` | Medium
|
||||
30 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
31 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
32 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
33 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
34 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
35 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
36 | File | `/start-stop` | Medium
|
||||
37 | File | `/start_apply.htm` | High
|
||||
38 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
|
||||
39 | File | `/tmp/app/.env` | High
|
||||
40 | File | `/uncpath/` | Medium
|
||||
41 | File | `/upload` | Low
|
||||
42 | File | `/usr/bin/pkexec` | High
|
||||
43 | File | `/v2/quantum/save-data-upload-big-file` | High
|
||||
44 | File | `/WEB-INF/web.xml` | High
|
||||
45 | File | `/wp-admin/admin-ajax.php` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 392 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 395 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
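Review bot: Two File indicators in this hunk contain a `#` fragment: `/application/common.php#action_log` (row 4) and `/thruk/#cgi-bin/extinfo.cgi?type=2` (row 37, renumbered to 38). The fragment part of a URL is not sent to the server, so these strings will not appear in web server access logs as written. If the text after `#` names a function or a client-side route, suggest moving it to a separate column or row type, so the File value can be matched against request paths.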
@ -106,7 +106,7 @@ ID | Type | Indicator | Confidence
|
|||
43 | File | `Asc.exe` | Low
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 383 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -61,7 +61,7 @@ ID | Type | Indicator | Confidence
|
|||
11 | File | `/usr/lpp/mmfs/bin/` | High
|
||||
12 | ... | ... | ...
|
||||
|
||||
There are 96 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 97 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -462,65 +462,66 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/admin/api/admin/articles/` | High
|
||||
6 | File | `/Admin/login.php` | High
|
||||
7 | File | `/admin/showbad.php` | High
|
||||
8 | File | `/apilog.php` | Medium
|
||||
9 | File | `/bin/httpd` | Medium
|
||||
10 | File | `/cgi-bin/webadminget.cgi` | High
|
||||
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
12 | File | `/connectors/index.php` | High
|
||||
13 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
14 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
15 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
18 | File | `/fos/admin/index.php?page=menu` | High
|
||||
19 | File | `/home/masterConsole` | High
|
||||
20 | File | `/home/sendBroadcast` | High
|
||||
21 | File | `/hrm/employeeadd.php` | High
|
||||
22 | File | `/hrm/employeeview.php` | High
|
||||
23 | File | `/index.php` | Medium
|
||||
24 | File | `/items/view_item.php` | High
|
||||
25 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
26 | File | `/lookin/info` | Medium
|
||||
27 | File | `/manager/index.php` | High
|
||||
28 | File | `/medical/inventories.php` | High
|
||||
29 | File | `/mkshop/Men/profile.php` | High
|
||||
30 | File | `/mobile/downloadfile.aspx` | High
|
||||
31 | File | `/modules/profile/index.php` | High
|
||||
32 | File | `/modules/projects/vw_files.php` | High
|
||||
33 | File | `/modules/public/calendar.php` | High
|
||||
34 | File | `/net/nfc/netlink.c` | High
|
||||
35 | File | `/newsDia.php` | Medium
|
||||
36 | File | `/out.php` | Medium
|
||||
37 | File | `/outgoing.php` | High
|
||||
38 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
39 | File | `/proxy` | Low
|
||||
40 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
41 | File | `/reports/rwservlet` | High
|
||||
42 | File | `/sacco_shield/manage_user.php` | High
|
||||
43 | File | `/spip.php` | Medium
|
||||
44 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
45 | File | `/staff/bookdetails.php` | High
|
||||
46 | File | `/staff/delete.php` | High
|
||||
47 | File | `/uncpath/` | Medium
|
||||
48 | File | `/user/update_booking.php` | High
|
||||
49 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
50 | File | `/wireless/security.asp` | High
|
||||
51 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
52 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
53 | File | `01article.php` | High
|
||||
54 | File | `AbstractScheduleJob.java` | High
|
||||
55 | File | `actionphp/download.File.php` | High
|
||||
56 | File | `adclick.php` | Medium
|
||||
57 | File | `addtocart.asp` | High
|
||||
58 | File | `admin.jcomments.php` | High
|
||||
59 | File | `admin.php` | Medium
|
||||
60 | File | `admin/abc.php` | High
|
||||
61 | File | `admin/admin/adminsave.html` | High
|
||||
62 | File | `admin/conf_users_edit.php` | High
|
||||
63 | File | `admin/disapprove_user.php` | High
|
||||
64 | ... | ... | ...
|
||||
8 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
9 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
10 | File | `/apilog.php` | Medium
|
||||
11 | File | `/bin/httpd` | Medium
|
||||
12 | File | `/cgi-bin/webadminget.cgi` | High
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/connectors/index.php` | High
|
||||
15 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
16 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
17 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
20 | File | `/fos/admin/index.php?page=menu` | High
|
||||
21 | File | `/home/masterConsole` | High
|
||||
22 | File | `/home/sendBroadcast` | High
|
||||
23 | File | `/hrm/employeeadd.php` | High
|
||||
24 | File | `/hrm/employeeview.php` | High
|
||||
25 | File | `/index.php` | Medium
|
||||
26 | File | `/items/view_item.php` | High
|
||||
27 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
28 | File | `/lookin/info` | Medium
|
||||
29 | File | `/manager/index.php` | High
|
||||
30 | File | `/medical/inventories.php` | High
|
||||
31 | File | `/mkshop/Men/profile.php` | High
|
||||
32 | File | `/mobile/downloadfile.aspx` | High
|
||||
33 | File | `/modules/profile/index.php` | High
|
||||
34 | File | `/modules/projects/vw_files.php` | High
|
||||
35 | File | `/modules/public/calendar.php` | High
|
||||
36 | File | `/net/nfc/netlink.c` | High
|
||||
37 | File | `/newsDia.php` | Medium
|
||||
38 | File | `/out.php` | Medium
|
||||
39 | File | `/outgoing.php` | High
|
||||
40 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
41 | File | `/proxy` | Low
|
||||
42 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
43 | File | `/reports/rwservlet` | High
|
||||
44 | File | `/sacco_shield/manage_user.php` | High
|
||||
45 | File | `/spip.php` | Medium
|
||||
46 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
47 | File | `/staff/bookdetails.php` | High
|
||||
48 | File | `/staff/delete.php` | High
|
||||
49 | File | `/uncpath/` | Medium
|
||||
50 | File | `/user/update_booking.php` | High
|
||||
51 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
52 | File | `/wireless/security.asp` | High
|
||||
53 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
54 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
55 | File | `01article.php` | High
|
||||
56 | File | `AbstractScheduleJob.java` | High
|
||||
57 | File | `actionphp/download.File.php` | High
|
||||
58 | File | `adclick.php` | Medium
|
||||
59 | File | `addtocart.asp` | High
|
||||
60 | File | `admin.jcomments.php` | High
|
||||
61 | File | `admin.php` | Medium
|
||||
62 | File | `admin/abc.php` | High
|
||||
63 | File | `admin/admin/adminsave.html` | High
|
||||
64 | File | `admin/conf_users_edit.php` | High
|
||||
65 | ... | ... | ...
|
||||
|
||||
There are 561 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 565 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
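Review bot: Several rows typed `File` in this table carry more than a path, most clearly `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072`, which bundles the file, the `dbsel` argument and a URL-encoded input value into one indicator. The footer names file, argument and input value as separate IOA types, so these should be split into one row per type; as written, anyone matching the `File` column against request paths will miss requests where only the value differs. The same applies to `/fos/admin/ajax.php?action=login` and `/adms/admin/?page=vehicles/sell_vehicle`.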
@ -42,7 +42,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -97,7 +97,7 @@ ID | Type | Indicator | Confidence
|
|||
45 | File | `admin/mod_users/controller.php?action=edit` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 399 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -24,34 +24,41 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
12 | [5.252.48.0](https://vuldb.com/?ip.5.252.48.0) | - | - | High
|
||||
13 | [31.170.224.0](https://vuldb.com/?ip.31.170.224.0) | - | - | High
|
||||
14 | [31.171.0.0](https://vuldb.com/?ip.31.171.0.0) | - | - | High
|
||||
15 | [37.26.0.0](https://vuldb.com/?ip.37.26.0.0) | - | - | High
|
||||
16 | [37.32.64.0](https://vuldb.com/?ip.37.32.64.0) | - | - | High
|
||||
17 | [37.61.0.0](https://vuldb.com/?ip.37.61.0.0) | - | - | High
|
||||
18 | [37.72.128.0](https://vuldb.com/?ip.37.72.128.0) | - | - | High
|
||||
19 | [37.114.128.0](https://vuldb.com/?ip.37.114.128.0) | - | - | High
|
||||
20 | [37.128.200.0](https://vuldb.com/?ip.37.128.200.0) | - | - | High
|
||||
21 | [45.12.70.16](https://vuldb.com/?ip.45.12.70.16) | hops-cases.get-eye.com | - | High
|
||||
22 | [45.12.71.16](https://vuldb.com/?ip.45.12.71.16) | - | - | High
|
||||
23 | [45.59.135.0](https://vuldb.com/?ip.45.59.135.0) | - | - | High
|
||||
24 | [45.136.164.0](https://vuldb.com/?ip.45.136.164.0) | - | - | High
|
||||
25 | [45.145.163.0](https://vuldb.com/?ip.45.145.163.0) | - | - | High
|
||||
26 | [46.18.64.0](https://vuldb.com/?ip.46.18.64.0) | - | - | High
|
||||
27 | [46.22.224.0](https://vuldb.com/?ip.46.22.224.0) | - | - | High
|
||||
28 | [46.23.96.0](https://vuldb.com/?ip.46.23.96.0) | - | - | High
|
||||
29 | [46.32.160.0](https://vuldb.com/?ip.46.32.160.0) | - | - | High
|
||||
30 | [46.228.176.0](https://vuldb.com/?ip.46.228.176.0) | - | - | High
|
||||
31 | [62.212.224.0](https://vuldb.com/?ip.62.212.224.0) | - | - | High
|
||||
32 | [62.217.128.0](https://vuldb.com/?ip.62.217.128.0) | - | - | High
|
||||
33 | [77.81.56.0](https://vuldb.com/?ip.77.81.56.0) | - | - | High
|
||||
34 | ... | ... | ... | ...
|
||||
15 | [31.222.225.0](https://vuldb.com/?ip.31.222.225.0) | - | - | High
|
||||
16 | [37.18.58.0](https://vuldb.com/?ip.37.18.58.0) | - | - | High
|
||||
17 | [37.26.0.0](https://vuldb.com/?ip.37.26.0.0) | - | - | High
|
||||
18 | [37.32.64.0](https://vuldb.com/?ip.37.32.64.0) | - | - | High
|
||||
19 | [37.61.0.0](https://vuldb.com/?ip.37.61.0.0) | - | - | High
|
||||
20 | [37.72.128.0](https://vuldb.com/?ip.37.72.128.0) | - | - | High
|
||||
21 | [37.114.128.0](https://vuldb.com/?ip.37.114.128.0) | - | - | High
|
||||
22 | [37.128.200.0](https://vuldb.com/?ip.37.128.200.0) | - | - | High
|
||||
23 | [38.10.80.0](https://vuldb.com/?ip.38.10.80.0) | - | - | High
|
||||
24 | [45.12.70.16](https://vuldb.com/?ip.45.12.70.16) | hops-cases.get-eye.com | - | High
|
||||
25 | [45.12.71.16](https://vuldb.com/?ip.45.12.71.16) | - | - | High
|
||||
26 | [45.15.43.0](https://vuldb.com/?ip.45.15.43.0) | - | - | High
|
||||
27 | [45.59.135.0](https://vuldb.com/?ip.45.59.135.0) | - | - | High
|
||||
28 | [45.136.164.0](https://vuldb.com/?ip.45.136.164.0) | - | - | High
|
||||
29 | [45.145.163.0](https://vuldb.com/?ip.45.145.163.0) | - | - | High
|
||||
30 | [45.154.204.0](https://vuldb.com/?ip.45.154.204.0) | - | - | High
|
||||
31 | [45.156.112.0](https://vuldb.com/?ip.45.156.112.0) | - | - | High
|
||||
32 | [45.159.210.0](https://vuldb.com/?ip.45.159.210.0) | - | - | High
|
||||
33 | [46.18.64.0](https://vuldb.com/?ip.46.18.64.0) | - | - | High
|
||||
34 | [46.22.224.0](https://vuldb.com/?ip.46.22.224.0) | - | - | High
|
||||
35 | [46.23.96.0](https://vuldb.com/?ip.46.23.96.0) | - | - | High
|
||||
36 | [46.32.160.0](https://vuldb.com/?ip.46.32.160.0) | - | - | High
|
||||
37 | [46.228.176.0](https://vuldb.com/?ip.46.228.176.0) | - | - | High
|
||||
38 | [57.88.16.0](https://vuldb.com/?ip.57.88.16.0) | - | - | High
|
||||
39 | [57.90.148.0](https://vuldb.com/?ip.57.90.148.0) | - | - | High
|
||||
40 | ... | ... | ... | ...
|
||||
|
||||
There are 133 more IOC items available. Please use our online service to access the data.
|
||||
There are 155 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/geolite2_country/country_az.netset
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_az.netset
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
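Review bot: The added rows such as `38.10.80.0`, `45.15.43.0` and `57.88.16.0` sit under an `IP address` column, but they end in `.0` and the references for this file are two `country_az` `.netset` lists, so they look like network base addresses with the prefix length dropped. Without the mask a consumer cannot tell how large each block is, and matching on the single address will hit almost nothing. Suggest carrying the CIDR prefix in the indicator or adding a column for it.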
@ -59,25 +59,25 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/auparse/auparse.c` | High
|
||||
5 | File | `/aux` | Low
|
||||
6 | File | `/BindAccount/SuccessTips.js` | High
|
||||
7 | File | `/goform/QuickIndex` | High
|
||||
8 | File | `/goform/setMacFilterCfg` | High
|
||||
9 | File | `/goform/WifiBasicSet` | High
|
||||
10 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
|
||||
11 | File | `/login.html` | Medium
|
||||
12 | File | `/medical/inventories.php` | High
|
||||
13 | File | `/pages.php` | Medium
|
||||
14 | File | `/pages/save_user.php` | High
|
||||
15 | File | `/patient/doctors.php` | High
|
||||
16 | File | `/rom-0` | Low
|
||||
17 | File | `/uncpath/` | Medium
|
||||
18 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
19 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
20 | File | `/vloggers_merch/classes/Master.php?f=delete_order` | High
|
||||
21 | File | `abm.aspx` | Medium
|
||||
22 | File | `actions/ChangeConfiguration.html` | High
|
||||
7 | File | `/forum/away.php` | High
|
||||
8 | File | `/goform/QuickIndex` | High
|
||||
9 | File | `/goform/setMacFilterCfg` | High
|
||||
10 | File | `/goform/WifiBasicSet` | High
|
||||
11 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
|
||||
12 | File | `/login.html` | Medium
|
||||
13 | File | `/medical/inventories.php` | High
|
||||
14 | File | `/pages.php` | Medium
|
||||
15 | File | `/pages/save_user.php` | High
|
||||
16 | File | `/patient/doctors.php` | High
|
||||
17 | File | `/rom-0` | Low
|
||||
18 | File | `/uncpath/` | Medium
|
||||
19 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
20 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
21 | File | `/vloggers_merch/classes/Master.php?f=delete_order` | High
|
||||
22 | File | `abm.aspx` | Medium
|
||||
23 | ... | ... | ...
|
||||
|
||||
There are 193 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 196 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with B1txor20:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [SC](https://vuldb.com/?country.sc)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
@ -52,7 +52,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -61,34 +61,38 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMDATA%\Razer\Synapse3\Service\bin` | High
|
||||
2 | File | `/admin_area/login_transfer.php` | High
|
||||
3 | File | `/apply.cgi` | Medium
|
||||
4 | File | `/bsms_ci/index.php/book` | High
|
||||
5 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
6 | File | `/ecshop/admin/template.php` | High
|
||||
7 | File | `/etc/shadow` | Medium
|
||||
8 | File | `/forum/away.php` | High
|
||||
9 | File | `/forums.php?action=post` | High
|
||||
10 | File | `/goform/formLogin` | High
|
||||
11 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
12 | File | `/index.php` | Medium
|
||||
13 | File | `/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml` | High
|
||||
14 | File | `/list.php` | Medium
|
||||
15 | File | `/login/index.php` | High
|
||||
16 | File | `/medicines/profile.php` | High
|
||||
17 | File | `/SetNetworkSettings/SubnetMask` | High
|
||||
18 | File | `/setNTP.cgi` | Medium
|
||||
19 | File | `/spip.php` | Medium
|
||||
20 | File | `/tmp` | Low
|
||||
21 | File | `/tpts/manage_user.php` | High
|
||||
22 | File | `/u/username.json` | High
|
||||
23 | File | `/user/s.php` | Medium
|
||||
24 | File | `/usr/etc/restore0.9` | High
|
||||
25 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
26 | File | `/webif/SecurityModule` | High
|
||||
27 | ... | ... | ...
|
||||
2 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
3 | File | `/admin/index3.php` | High
|
||||
4 | File | `/admin_area/login_transfer.php` | High
|
||||
5 | File | `/adms/admin/?page=user/manage_user` | High
|
||||
6 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
7 | File | `/apply.cgi` | Medium
|
||||
8 | File | `/bsms_ci/index.php/book` | High
|
||||
9 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
10 | File | `/debug/pprof` | Medium
|
||||
11 | File | `/ecshop/admin/template.php` | High
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/forums.php?action=post` | High
|
||||
14 | File | `/goform/formDefault` | High
|
||||
15 | File | `/goform/formLogin` | High
|
||||
16 | File | `/goform/formSysCmd` | High
|
||||
17 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
18 | File | `/index.php` | Medium
|
||||
19 | File | `/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml` | High
|
||||
20 | File | `/list.php` | Medium
|
||||
21 | File | `/login/index.php` | High
|
||||
22 | File | `/medicines/profile.php` | High
|
||||
23 | File | `/Moosikay/order.php` | High
|
||||
24 | File | `/SetNetworkSettings/SubnetMask` | High
|
||||
25 | File | `/setNTP.cgi` | Medium
|
||||
26 | File | `/spip.php` | Medium
|
||||
27 | File | `/tmp` | Low
|
||||
28 | File | `/tpts/manage_user.php` | High
|
||||
29 | File | `/user/s.php` | Medium
|
||||
30 | File | `/usr/etc/restore0.9` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 231 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 267 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -75,40 +75,39 @@ ID | Type | Indicator | Confidence
|
|||
16 | File | `/ctcprotocol/Protocol` | High
|
||||
17 | File | `/dashboard/menu-list.php` | High
|
||||
18 | File | `/data/remove` | Medium
|
||||
19 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/goforms/rlminfo` | High
|
||||
22 | File | `/index.php/newsletter/subscriber/new/` | High
|
||||
23 | File | `/Items/*/RemoteImages/Download` | High
|
||||
24 | File | `/login` | Low
|
||||
25 | File | `/menu.html` | Medium
|
||||
26 | File | `/mkshop/Men/profile.php` | High
|
||||
27 | File | `/navigate/navigate_download.php` | High
|
||||
28 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
29 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
30 | File | `/out.php` | Medium
|
||||
31 | File | `/owa/auth/logon.aspx` | High
|
||||
32 | File | `/password.html` | High
|
||||
33 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
34 | File | `/proc/ioports` | High
|
||||
35 | File | `/property-list/property_view.php` | High
|
||||
36 | File | `/ptms/classes/Users.php` | High
|
||||
37 | File | `/resources//../` | High
|
||||
38 | File | `/rest/api/2/search` | High
|
||||
39 | File | `/s/` | Low
|
||||
40 | File | `/scripts/cpan_config` | High
|
||||
41 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
42 | File | `/services/system/setup.json` | High
|
||||
43 | File | `/spip.php` | Medium
|
||||
44 | File | `/sys/dict/queryTableData` | High
|
||||
45 | File | `/tmp` | Low
|
||||
46 | File | `/uncpath/` | Medium
|
||||
47 | File | `/vloggers_merch/?p=view_product` | High
|
||||
48 | File | `/webconsole/APIController` | High
|
||||
49 | File | `/websocket/exec` | High
|
||||
50 | ... | ... | ...
|
||||
19 | File | `/ebics-server/ebics.aspx` | High
|
||||
20 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/goforms/rlminfo` | High
|
||||
23 | File | `/index.php/newsletter/subscriber/new/` | High
|
||||
24 | File | `/Items/*/RemoteImages/Download` | High
|
||||
25 | File | `/login` | Low
|
||||
26 | File | `/menu.html` | Medium
|
||||
27 | File | `/mkshop/Men/profile.php` | High
|
||||
28 | File | `/navigate/navigate_download.php` | High
|
||||
29 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
30 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
31 | File | `/out.php` | Medium
|
||||
32 | File | `/owa/auth/logon.aspx` | High
|
||||
33 | File | `/password.html` | High
|
||||
34 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
35 | File | `/proc/ioports` | High
|
||||
36 | File | `/property-list/property_view.php` | High
|
||||
37 | File | `/ptms/classes/Users.php` | High
|
||||
38 | File | `/resources//../` | High
|
||||
39 | File | `/rest/api/2/search` | High
|
||||
40 | File | `/s/` | Low
|
||||
41 | File | `/scripts/cpan_config` | High
|
||||
42 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
43 | File | `/services/system/setup.json` | High
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/sys/dict/queryTableData` | High
|
||||
46 | File | `/tmp` | Low
|
||||
47 | File | `/uncpath/` | Medium
|
||||
48 | File | `/vloggers_merch/?p=view_product` | High
|
||||
49 | ... | ... | ...
|
||||
|
||||
There are 433 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 426 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
File diff suppressed because it is too large
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [NL](https://vuldb.com/?country.nl)
|
||||
* ...
|
||||
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -147,14 +147,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
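Review bot: In row 1 the T1006 weakness list now ends with CWE-425, which is Direct Request (Forced Browsing), while the description still reads `Pathname Traversal`; either the description should cover both weakness classes or CWE-425 belongs in a row of its own. Row 4 of the same table labels T1059 with CWE-88, CWE-94 and CWE-1321 as `Cross Site Scripting`, identical to row 5 (T1059.007, CWE-79, CWE-80). Those three CWEs are argument injection, code injection and prototype pollution, so the label looks copied from the sub-technique and should be corrected while this table is being touched.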
@ -162,42 +162,39 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/appliance/users?action=edit` | High
|
||||
2 | File | `/blogengine/api/posts` | High
|
||||
3 | File | `/cbs/system/ShowAdvanced.do` | High
|
||||
4 | File | `/cgi-bin/api-get_line_status` | High
|
||||
5 | File | `/cgi-bin/luci` | High
|
||||
6 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
7 | File | `/cgi-bin/upload_vpntar` | High
|
||||
8 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
9 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
10 | File | `/etc/ldap.conf` | High
|
||||
11 | File | `/etc/shadow` | Medium
|
||||
12 | File | `/export` | Low
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/goform/fast_setting_wifi_set` | High
|
||||
15 | File | `/goform/setMacFilterCfg` | High
|
||||
16 | File | `/h/calendar` | Medium
|
||||
17 | File | `/hrm/controller/employee.php` | High
|
||||
18 | File | `/hrm/employeeadd.php` | High
|
||||
19 | File | `/hrm/employeeview.php` | High
|
||||
20 | File | `/index.php` | Medium
|
||||
21 | File | `/lib` | Low
|
||||
22 | File | `/login/index.php` | High
|
||||
23 | File | `/m3_exec.h` | Medium
|
||||
24 | File | `/mhds/clinic/view_details.php` | High
|
||||
25 | File | `/obs/book.php` | High
|
||||
26 | File | `/products/view_product.php` | High
|
||||
27 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
|
||||
28 | File | `/services/view_service.php` | High
|
||||
29 | File | `/shell` | Low
|
||||
30 | File | `/spip.php` | Medium
|
||||
31 | File | `/uncpath/` | Medium
|
||||
32 | File | `/usr/bin/tddp` | High
|
||||
33 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
34 | ... | ... | ...
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/appliance/users?action=edit` | High
|
||||
3 | File | `/backup.pl` | Medium
|
||||
4 | File | `/blogengine/api/posts` | High
|
||||
5 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
6 | File | `/forum/away.php` | High
|
||||
7 | File | `/login/index.php` | High
|
||||
8 | File | `/Moosikay/order.php` | High
|
||||
9 | File | `/out.php` | Medium
|
||||
10 | File | `/php-scrm/login.php` | High
|
||||
11 | File | `/products/view_product.php` | High
|
||||
12 | File | `/public/login.htm` | High
|
||||
13 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
14 | File | `/shell` | Low
|
||||
15 | File | `/spip.php` | Medium
|
||||
16 | File | `/tmp/boa-temp` | High
|
||||
17 | File | `/usr/bin/tddp` | High
|
||||
18 | File | `/wp-admin/admin-ajax.php` | High
|
||||
19 | File | `/wp-admin/options.php` | High
|
||||
20 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
21 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
22 | File | `action.php` | Medium
|
||||
23 | File | `adclick.php` | Medium
|
||||
24 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
25 | File | `admin/disapprove_user.php` | High
|
||||
26 | File | `admin/import/class-import-settings.php` | High
|
||||
27 | File | `admin/manage_user.php` | High
|
||||
28 | File | `admin/page-login.php` | High
|
||||
29 | File | `adminer.php` | Medium
|
||||
30 | File | `AndroidManifest.xml` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 294 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -54,21 +54,22 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/ecrire` | Low
|
||||
5 | File | `/forum/away.php` | High
|
||||
6 | File | `/getcfg.php` | Medium
|
||||
7 | File | `/proc/ioports` | High
|
||||
8 | File | `/services/details.asp` | High
|
||||
9 | File | `/tmp` | Low
|
||||
10 | File | `/uncpath/` | Medium
|
||||
11 | File | `/Upload.ashx` | Medium
|
||||
12 | File | `/var/tmp/sess_*` | High
|
||||
13 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
14 | File | `activateuser.aspx` | High
|
||||
15 | File | `adclick.php` | Medium
|
||||
16 | File | `admin/killsource` | High
|
||||
17 | File | `admin/orion.extfeedbackform_efbf_forms.php` | High
|
||||
18 | File | `auth-gss2.c` | Medium
|
||||
19 | ... | ... | ...
|
||||
7 | File | `/MicroStrategyWS/happyaxis.jsp` | High
|
||||
8 | File | `/owa/auth/logon.aspx` | High
|
||||
9 | File | `/proc/ioports` | High
|
||||
10 | File | `/services/details.asp` | High
|
||||
11 | File | `/tmp` | Low
|
||||
12 | File | `/uncpath/` | Medium
|
||||
13 | File | `/Upload.ashx` | Medium
|
||||
14 | File | `/var/tmp/sess_*` | High
|
||||
15 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
16 | File | `activateuser.aspx` | High
|
||||
17 | File | `adclick.php` | Medium
|
||||
18 | File | `admin/killsource` | High
|
||||
19 | File | `admin/orion.extfeedbackform_efbf_forms.php` | High
|
||||
20 | ... | ... | ...
|
||||
|
||||
There are 153 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 161 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -84,7 +84,7 @@ ID | Type | Indicator | Confidence
|
|||
30 | File | `admin.php` | Medium
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 262 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 263 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
There are 27 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -64,9 +64,10 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/Main_AdmStatus_Content.asp` | High
|
||||
10 | File | `/requests.php` | High
|
||||
11 | File | `/uncpath/` | Medium
|
||||
12 | ... | ... | ...
|
||||
12 | File | `/var/log/nginx` | High
|
||||
13 | ... | ... | ...
|
||||
|
||||
There are 90 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 103 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -82,14 +82,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28, CWE-35 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-35 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
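Review bot: Row 2 lists only CWE-319 for T1040 but keeps the description `Authentication Bypass by Capture-replay`, which is the name of CWE-294, a weakness this row does not list. CWE-319 is cleartext transmission of sensitive information, so the description should follow the weakness that is actually listed, or CWE-294 should be added if it applies to this actor.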
@ -97,55 +97,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `/admin/ajax.php?action=save_window` | High
|
||||
3 | File | `/admin/api/admin/articles/` | High
|
||||
4 | File | `/admin/api/theme-edit/` | High
|
||||
5 | File | `/Api/ASF` | Medium
|
||||
6 | File | `/api/browserextension/UpdatePassword/` | High
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/admin/ajax.php?action=delete_window` | High
|
||||
3 | File | `/admin/ajax.php?action=save_window` | High
|
||||
4 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
5 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
6 | File | `/bin/httpd` | Medium
|
||||
7 | File | `/blogengine/api/posts` | High
|
||||
8 | File | `/cgi-bin/api-get_line_status` | High
|
||||
9 | File | `/cgi-bin/luci` | High
|
||||
10 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
11 | File | `/cgi-bin/upload_vpntar` | High
|
||||
12 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
13 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
14 | File | `/ctcprotocol/Protocol` | High
|
||||
15 | File | `/Default/Bd` | Medium
|
||||
16 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
17 | File | `/etc/passwd` | Medium
|
||||
18 | File | `/event/admin/?page=user/list` | High
|
||||
19 | File | `/export` | Low
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/goform/WifiBasicSet` | High
|
||||
22 | File | `/h/calendar` | Medium
|
||||
23 | File | `/hrm/controller/employee.php` | High
|
||||
24 | File | `/hrm/employeeadd.php` | High
|
||||
25 | File | `/hrm/employeeview.php` | High
|
||||
26 | File | `/hss/admin/?page=client/manage_client` | High
|
||||
27 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
28 | File | `/login/index.php` | High
|
||||
29 | File | `/menu.html` | Medium
|
||||
30 | File | `/obs/book.php` | High
|
||||
31 | File | `/pages/processlogin.php` | High
|
||||
32 | File | `/product/savenewproduct.php?flag=1` | High
|
||||
33 | File | `/proxy` | Low
|
||||
34 | File | `/reports/rwservlet` | High
|
||||
35 | File | `/resources//../` | High
|
||||
36 | File | `/services/view_service.php` | High
|
||||
37 | File | `/setNTP.cgi` | Medium
|
||||
38 | File | `/tmp/boa-temp` | High
|
||||
39 | File | `/tpts/manage_user.php` | High
|
||||
40 | File | `/trufusionPortal/upDwModuleProxy` | High
|
||||
41 | File | `/uncpath/` | Medium
|
||||
42 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
43 | File | `/view-property.php` | High
|
||||
44 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
45 | File | `/zhndnsdisplay.cmd` | High
|
||||
46 | File | `actionphp/download.File.php` | High
|
||||
47 | ... | ... | ...
|
||||
8 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
9 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
10 | File | `/config/api/v1/reboot` | High
|
||||
11 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
12 | File | `/ebics-server/ebics.aspx` | High
|
||||
13 | File | `/etc` | Low
|
||||
14 | File | `/etc/passwd` | Medium
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/forum/PostPrivateMessage` | High
|
||||
17 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
18 | File | `/fos/admin/index.php?page=menu` | High
|
||||
19 | File | `/home/masterConsole` | High
|
||||
20 | File | `/home/sendBroadcast` | High
|
||||
21 | File | `/hss/admin/?page=client/manage_client` | High
|
||||
22 | File | `/login/index.php` | High
|
||||
23 | File | `/php-scrm/login.php` | High
|
||||
24 | File | `/products/view_product.php` | High
|
||||
25 | File | `/public/login.htm` | High
|
||||
26 | File | `/resources//../` | High
|
||||
27 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
28 | File | `/setNTP.cgi` | Medium
|
||||
29 | File | `/shell` | Low
|
||||
30 | File | `/spip.php` | Medium
|
||||
31 | File | `/sys/dict/queryTableData` | High
|
||||
32 | File | `/tpts/manage_user.php` | High
|
||||
33 | File | `/trufusionPortal/upDwModuleProxy` | High
|
||||
34 | File | `/uncpath/` | Medium
|
||||
35 | File | `/usr/bin/tddp` | High
|
||||
36 | File | `/wireless/security.asp` | High
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 405 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -46,9 +46,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -65,45 +65,46 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/cgi-bin/editBookmark` | High
|
||||
5 | File | `/configs/application.ini` | High
|
||||
6 | File | `/goform/setPicListItem` | High
|
||||
7 | File | `/rapi/read_url` | High
|
||||
8 | File | `/services/Card/findUser` | High
|
||||
9 | File | `/spacecom/login.php` | High
|
||||
10 | File | `/ucenter/active.php` | High
|
||||
11 | File | `/uncpath/` | Medium
|
||||
12 | File | `/xampp/guestbook-en.pl` | High
|
||||
13 | File | `/zm/index.php` | High
|
||||
14 | File | `123flashchat.php` | High
|
||||
15 | File | `abook_database.php` | High
|
||||
16 | File | `action.php` | Medium
|
||||
17 | File | `admin.php` | Medium
|
||||
18 | File | `admin/admin_process.php` | High
|
||||
19 | File | `admin/profile_settings_net.html` | High
|
||||
20 | File | `admin/vqmods.app/vqmods.inc.php` | High
|
||||
21 | File | `af.cgi/alienform.cgi` | High
|
||||
22 | File | `afd.sys` | Low
|
||||
23 | File | `ajax.php` | Medium
|
||||
24 | File | `akocomment.php` | High
|
||||
25 | File | `app/routes/research.js` | High
|
||||
26 | File | `article.php` | Medium
|
||||
27 | File | `aviso.php` | Medium
|
||||
28 | File | `awredir.pl` | Medium
|
||||
29 | File | `bar.phtml` | Medium
|
||||
30 | File | `bitmap/bdfread.c` | High
|
||||
31 | File | `blocks.php` | Medium
|
||||
32 | File | `blog.cgi` | Medium
|
||||
33 | File | `bluewrench-video-widget.php` | High
|
||||
34 | File | `browse.php` | Medium
|
||||
35 | File | `carsdetail.asp` | High
|
||||
36 | File | `cartman.php` | Medium
|
||||
37 | File | `categories.php` | High
|
||||
38 | File | `cdf.c` | Low
|
||||
39 | File | `cgi-bin/module/sysmanager/admin/SYSAdminUserDialog` | High
|
||||
40 | File | `chetcpasswd.cgi` | High
|
||||
41 | File | `classifieds.cgi` | High
|
||||
42 | File | `cmd.php` | Low
|
||||
43 | ... | ... | ...
|
||||
7 | File | `/home/cavesConsole` | High
|
||||
8 | File | `/home/kickPlayer` | High
|
||||
9 | File | `/home/masterConsole` | High
|
||||
10 | File | `/home/sendBroadcast` | High
|
||||
11 | File | `/rapi/read_url` | High
|
||||
12 | File | `/services/Card/findUser` | High
|
||||
13 | File | `/spacecom/login.php` | High
|
||||
14 | File | `/sys/dict/queryTableData` | High
|
||||
15 | File | `/ucenter/active.php` | High
|
||||
16 | File | `/uncpath/` | Medium
|
||||
17 | File | `/user/updatePwd` | High
|
||||
18 | File | `/xampp/guestbook-en.pl` | High
|
||||
19 | File | `/zm/index.php` | High
|
||||
20 | File | `123flashchat.php` | High
|
||||
21 | File | `abook_database.php` | High
|
||||
22 | File | `action.php` | Medium
|
||||
23 | File | `admin.php` | Medium
|
||||
24 | File | `admin/admin_process.php` | High
|
||||
25 | File | `admin/profile_settings_net.html` | High
|
||||
26 | File | `admin/vqmods.app/vqmods.inc.php` | High
|
||||
27 | File | `af.cgi/alienform.cgi` | High
|
||||
28 | File | `afd.sys` | Low
|
||||
29 | File | `ajax.php` | Medium
|
||||
30 | File | `akocomment.php` | High
|
||||
31 | File | `app/routes/research.js` | High
|
||||
32 | File | `article.php` | Medium
|
||||
33 | File | `aviso.php` | Medium
|
||||
34 | File | `awredir.pl` | Medium
|
||||
35 | File | `bar.phtml` | Medium
|
||||
36 | File | `bitmap/bdfread.c` | High
|
||||
37 | File | `blocks.php` | Medium
|
||||
38 | File | `blog.cgi` | Medium
|
||||
39 | File | `bluewrench-video-widget.php` | High
|
||||
40 | File | `browse.php` | Medium
|
||||
41 | File | `carsdetail.asp` | High
|
||||
42 | File | `cartman.php` | Medium
|
||||
43 | File | `categories.php` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 370 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -61,7 +61,7 @@ ID | Type | Indicator | Confidence
|
|||
12 | File | `admin/adminsignin.html` | High
|
||||
13 | ... | ... | ...
|
||||
|
||||
There are 100 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 102 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -52,7 +52,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -61,18 +61,18 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `.htaccess` | Medium
|
||||
3 | File | `/Admin/add-student.php` | High
|
||||
4 | File | `/admin/api/admin/articles/` | High
|
||||
5 | File | `/admin/conferences/list/` | High
|
||||
6 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
7 | File | `/admin/generalsettings.php` | High
|
||||
8 | File | `/Admin/login.php` | High
|
||||
9 | File | `/admin/payment.php` | High
|
||||
10 | File | `/admin/reports.php` | High
|
||||
11 | File | `/admin/showbad.php` | High
|
||||
2 | File | `/Admin/add-student.php` | High
|
||||
3 | File | `/admin/api/admin/articles/` | High
|
||||
4 | File | `/admin/conferences/list/` | High
|
||||
5 | File | `/admin/generalsettings.php` | High
|
||||
6 | File | `/Admin/login.php` | High
|
||||
7 | File | `/admin/payment.php` | High
|
||||
8 | File | `/admin/reports.php` | High
|
||||
9 | File | `/admin/showbad.php` | High
|
||||
10 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
11 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
12 | File | `/apilog.php` | Medium
|
||||
13 | File | `/cgi-bin/kerbynet` | High
|
||||
13 | File | `/bin/httpd` | Medium
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/connectors/index.php` | High
|
||||
16 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
|
@ -86,18 +86,18 @@ ID | Type | Indicator | Confidence
|
|||
24 | File | `/hrm/employeeadd.php` | High
|
||||
25 | File | `/hrm/employeeview.php` | High
|
||||
26 | File | `/index.php` | Medium
|
||||
27 | File | `/Items/*/RemoteImages/Download` | High
|
||||
28 | File | `/items/view_item.php` | High
|
||||
29 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
30 | File | `/lookin/info` | Medium
|
||||
31 | File | `/MagickCore/image.c` | High
|
||||
32 | File | `/manager/index.php` | High
|
||||
33 | File | `/medical/inventories.php` | High
|
||||
34 | File | `/modules/profile/index.php` | High
|
||||
35 | File | `/modules/projects/vw_files.php` | High
|
||||
36 | File | `/modules/public/calendar.php` | High
|
||||
37 | File | `/newsDia.php` | Medium
|
||||
38 | File | `/out.php` | Medium
|
||||
27 | File | `/items/view_item.php` | High
|
||||
28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
29 | File | `/lookin/info` | Medium
|
||||
30 | File | `/manager/index.php` | High
|
||||
31 | File | `/medical/inventories.php` | High
|
||||
32 | File | `/modules/profile/index.php` | High
|
||||
33 | File | `/modules/projects/vw_files.php` | High
|
||||
34 | File | `/modules/public/calendar.php` | High
|
||||
35 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
36 | File | `/newsDia.php` | Medium
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/php-opos/index.php` | High
|
||||
39 | File | `/proxy` | Low
|
||||
40 | File | `/public/launchNewWindow.jsp` | High
|
||||
41 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
|
@ -120,9 +120,10 @@ ID | Type | Indicator | Confidence
|
|||
58 | File | `AdClass.php` | Medium
|
||||
59 | File | `adclick.php` | Medium
|
||||
60 | File | `addtocart.asp` | High
|
||||
61 | ... | ... | ...
|
||||
61 | File | `admin.php` | Medium
|
||||
62 | ... | ... | ...
|
||||
|
||||
There are 529 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 538 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [NL](https://vuldb.com/?country.nl)
|
||||
* ...
|
||||
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
There are 26 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -529,7 +529,8 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -545,41 +546,43 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/admin/subnets/ripe-query.php` | High
|
||||
5 | File | `/appliance/users?action=edit` | High
|
||||
6 | File | `/attachments` | Medium
|
||||
7 | File | `/bsms_ci/index.php/book` | High
|
||||
8 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
9 | File | `/debug/pprof` | Medium
|
||||
10 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
11 | File | `/etc/hosts` | Medium
|
||||
12 | File | `/etc/ldap.conf` | High
|
||||
13 | File | `/etc/quagga` | Medium
|
||||
14 | File | `/etc/shadow` | Medium
|
||||
15 | File | `/event/admin/?page=user/list` | High
|
||||
16 | File | `/foms/place-order.php` | High
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/goform/wizard_end` | High
|
||||
19 | File | `/h/calendar` | Medium
|
||||
20 | File | `/hardware` | Medium
|
||||
21 | File | `/index.php` | Medium
|
||||
22 | File | `/medicines/profile.php` | High
|
||||
23 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
24 | File | `/nova/bin/detnet` | High
|
||||
25 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
26 | File | `/out.php` | Medium
|
||||
27 | File | `/php-sms/classes/Master.php` | High
|
||||
28 | File | `/php-sms/classes/SystemSettings.php` | High
|
||||
29 | File | `/proxy` | Low
|
||||
30 | File | `/spip.php` | Medium
|
||||
31 | File | `/tmp` | Low
|
||||
32 | File | `/uncpath/` | Medium
|
||||
33 | File | `/user/loader.php?api=1` | High
|
||||
34 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
35 | File | `/wp-admin/admin-ajax.php` | High
|
||||
7 | File | `/backup.pl` | Medium
|
||||
8 | File | `/bsms_ci/index.php/book` | High
|
||||
9 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
10 | File | `/debug/pprof` | Medium
|
||||
11 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
12 | File | `/etc/hosts` | Medium
|
||||
13 | File | `/etc/ldap.conf` | High
|
||||
14 | File | `/etc/quagga` | Medium
|
||||
15 | File | `/etc/shadow` | Medium
|
||||
16 | File | `/event/admin/?page=user/list` | High
|
||||
17 | File | `/foms/place-order.php` | High
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/goform/wizard_end` | High
|
||||
20 | File | `/h/calendar` | Medium
|
||||
21 | File | `/hardware` | Medium
|
||||
22 | File | `/index.php` | Medium
|
||||
23 | File | `/medicines/profile.php` | High
|
||||
24 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
25 | File | `/out.php` | Medium
|
||||
26 | File | `/php-scrm/login.php` | High
|
||||
27 | File | `/proxy` | Low
|
||||
28 | File | `/spip.php` | Medium
|
||||
29 | File | `/tmp` | Low
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/user/loader.php?api=1` | High
|
||||
32 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
33 | File | `/video-sharing-script/watch-video.php` | High
|
||||
34 | File | `/wp-admin/admin-ajax.php` | High
|
||||
35 | File | `action.php` | Medium
|
||||
36 | File | `ActivityRecord.java` | High
|
||||
37 | File | `adclick.php` | Medium
|
||||
38 | File | `add-patient.php` | High
|
||||
39 | ... | ... | ...
|
||||
39 | File | `adm.cgi` | Low
|
||||
40 | File | `admin.php` | Medium
|
||||
41 | ... | ... | ...
|
||||
|
||||
There are 339 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 355 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -46,7 +46,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
|
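Review bot: the T1040 context row in this hunk reads "Authentication Bypass by Capture-replay" while its Weakness column lists only CWE-319, which is cleartext transmission of sensitive information; capture-replay is CWE-294. Since this change already edits the weakness list on the T1006 row directly above, either add CWE-294 to the T1040 row or change its description to match CWE-319, so that anyone filtering the table by CWE gets a description that agrees with the identifier.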
@ -61,53 +61,51 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/ajax.php?action=delete_window` | High
|
||||
2 | File | `/admin/api/admin/articles/` | High
|
||||
3 | File | `/admin/api/admin/v2_products` | High
|
||||
4 | File | `/admin/api/theme-edit/` | High
|
||||
5 | File | `/blogengine/api/posts` | High
|
||||
6 | File | `/cgi-bin/api-get_line_status` | High
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/admin/ajax.php?action=delete_window` | High
|
||||
3 | File | `/admin/api/admin/articles/` | High
|
||||
4 | File | `/admin/api/admin/v2_products` | High
|
||||
5 | File | `/admin/api/theme-edit/` | High
|
||||
6 | File | `/blogengine/api/posts` | High
|
||||
7 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
8 | File | `/cgi-bin/upload_vpntar` | High
|
||||
9 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
10 | File | `/common/run_cross_report.php` | High
|
||||
11 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
12 | File | `/event/admin/?page=user/list` | High
|
||||
13 | File | `/export` | Low
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
16 | File | `/goform/SysToolChangePwd` | High
|
||||
17 | File | `/goform/WifiBasicSet` | High
|
||||
18 | File | `/index/user/user_edit.html` | High
|
||||
19 | File | `/login/index.php` | High
|
||||
20 | File | `/obs/book.php` | High
|
||||
21 | File | `/php_action/createUser.php` | High
|
||||
22 | File | `/products/view_product.php` | High
|
||||
23 | File | `/proxy` | Low
|
||||
24 | File | `/public/login.htm` | High
|
||||
25 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
26 | File | `/shell` | Low
|
||||
27 | File | `/spip.php` | Medium
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/usr/bin/tddp` | High
|
||||
30 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
31 | File | `/wp-admin/admin-ajax.php` | High
|
||||
32 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
33 | File | `/_vti_pvt/access.cnf` | High
|
||||
34 | File | `1.x/src/rogatkin/web/WarRoller.java` | High
|
||||
35 | File | `actions/UploadAction.php` | High
|
||||
36 | File | `adclick.php` | Medium
|
||||
37 | File | `add_contestant.php` | High
|
||||
38 | File | `admin/import/class-import-settings.php` | High
|
||||
39 | File | `admin/manage_user.php` | High
|
||||
40 | File | `admin/page-login.php` | High
|
||||
41 | File | `admin/panels/uploader/admin.uploader.php` | High
|
||||
42 | File | `admin/practice_pdf.php` | High
|
||||
43 | File | `administrator/components/com_joomgallery/views/config/tmpl/default.php` | High
|
||||
44 | File | `announce.php` | Medium
|
||||
45 | ... | ... | ...
|
||||
10 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
11 | File | `/event/admin/?page=user/list` | High
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
14 | File | `/goform/SysToolChangePwd` | High
|
||||
15 | File | `/goform/WifiBasicSet` | High
|
||||
16 | File | `/index/user/user_edit.html` | High
|
||||
17 | File | `/login/index.php` | High
|
||||
18 | File | `/obs/book.php` | High
|
||||
19 | File | `/products/view_product.php` | High
|
||||
20 | File | `/proxy` | Low
|
||||
21 | File | `/public/login.htm` | High
|
||||
22 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
23 | File | `/shell` | Low
|
||||
24 | File | `/spip.php` | Medium
|
||||
25 | File | `/uncpath/` | Medium
|
||||
26 | File | `/usr/bin/tddp` | High
|
||||
27 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
28 | File | `/wp-admin/admin-ajax.php` | High
|
||||
29 | File | `/wp-admin/options.php` | High
|
||||
30 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
31 | File | `/_vti_pvt/access.cnf` | High
|
||||
32 | File | `1.x/src/rogatkin/web/WarRoller.java` | High
|
||||
33 | File | `actions/UploadAction.php` | High
|
||||
34 | File | `adclick.php` | Medium
|
||||
35 | File | `add_contestant.php` | High
|
||||
36 | File | `admin/import/class-import-settings.php` | High
|
||||
37 | File | `admin/manage_user.php` | High
|
||||
38 | File | `admin/page-login.php` | High
|
||||
39 | File | `admin/panels/uploader/admin.uploader.php` | High
|
||||
40 | File | `admin/practice_pdf.php` | High
|
||||
41 | File | `administrator/components/com_joomgallery/views/config/tmpl/default.php` | High
|
||||
42 | File | `announce.php` | Medium
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 392 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -59,7 +59,7 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `coders/png.c` | Medium
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 79 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 82 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -9,7 +9,6 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Dealply:
|
||||
|
||||
* [IT](https://vuldb.com/?country.it)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -34,11 +33,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-29 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
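Review bot: row 4 of this TTP table is labelled "Cross Site Scripting" for T1059 in both the old and the new version, although the Weakness column it carries (CWE-88, CWE-94 before; CWE-94, CWE-1321 after) covers argument injection, code injection and prototype pollution. The cross-site scripting weaknesses (CWE-79, CWE-80) sit on the T1059.007 row directly below, so the two rows end up with the same description for different weakness sets. Suggest deriving the Description from the listed CWEs when the table is generated, or giving row 4 a description that matches them.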
@ -50,37 +49,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$GIT_DIR/objects` | High
|
||||
2 | File | `/admin/index2.html` | High
|
||||
3 | File | `/adminGetUserList` | High
|
||||
4 | File | `/admin_area/login_transfer.php` | High
|
||||
5 | File | `/api/public/register/family` | High
|
||||
6 | File | `/api/v1/mentions` | High
|
||||
7 | File | `/backup.pl` | Medium
|
||||
8 | File | `/bin/httpd` | Medium
|
||||
9 | File | `/cgi-bin/ExportLogs.sh` | High
|
||||
10 | File | `/check` | Low
|
||||
11 | File | `/controller/OnlinePreviewController.java` | High
|
||||
12 | File | `/CPE` | Low
|
||||
13 | File | `/ecshop/admin/template.php` | High
|
||||
14 | File | `/file_manage_view.php?fmdo=edit&filename` | High
|
||||
15 | File | `/formwork/panel/dashboard` | High
|
||||
16 | File | `/forum/PostPrivateMessage` | High
|
||||
17 | File | `/goform/formEasySetupWizard3` | High
|
||||
18 | File | `/goform/formLogin` | High
|
||||
19 | File | `/goform/formSchedule` | High
|
||||
20 | File | `/goform/formSetACLFilter` | High
|
||||
21 | File | `/goform/formSetEmail` | High
|
||||
22 | File | `/goform/formSetRoute` | High
|
||||
23 | File | `/goform/formSetWanDhcpplus` | High
|
||||
24 | File | `/goform/formWlanGuestSetup` | High
|
||||
25 | File | `/goform/formWPS` | High
|
||||
26 | File | `/home/cavesConsole` | High
|
||||
27 | File | `/home/kickPlayer` | High
|
||||
28 | File | `/home/masterConsole` | High
|
||||
29 | File | `/home/sendBroadcast` | High
|
||||
30 | ... | ... | ...
|
||||
2 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
3 | File | `/admin.php/update/getFile.html` | High
|
||||
4 | File | `/admin/index2.html` | High
|
||||
5 | File | `/admin/index3.php` | High
|
||||
6 | File | `/admin/main/mod-blog` | High
|
||||
7 | File | `/admin_area/login_transfer.php` | High
|
||||
8 | File | `/adms/admin/?page=user/manage_user` | High
|
||||
9 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
10 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
11 | File | `/adms/classes/Users.php` | High
|
||||
12 | File | `/alphaware/summary.php` | High
|
||||
13 | File | `/api/public/register/family` | High
|
||||
14 | File | `/api/sys_msg/list/1/10` | High
|
||||
15 | File | `/APR/login.php` | High
|
||||
16 | File | `/APR/signup.php` | High
|
||||
17 | File | `/backup.pl` | Medium
|
||||
18 | File | `/bin/httpd` | Medium
|
||||
19 | File | `/boat/login.php` | High
|
||||
20 | File | `/cgi-bin/ExportLogs.sh` | High
|
||||
21 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
22 | File | `/cgi-bin/mft/wireless_mft` | High
|
||||
23 | File | `/check` | Low
|
||||
24 | File | `/data/config.ftp.php` | High
|
||||
25 | File | `/ecshop/admin/template.php` | High
|
||||
26 | File | `/editor/index.php` | High
|
||||
27 | File | `/formwork/panel/dashboard` | High
|
||||
28 | File | `/goform/formEasySetupWizard3` | High
|
||||
29 | File | `/goform/formLogin` | High
|
||||
30 | File | `/goform/formSchedule` | High
|
||||
31 | File | `/goform/formSetACLFilter` | High
|
||||
32 | File | `/goform/formSetEmail` | High
|
||||
33 | File | `/goform/formSetRoute` | High
|
||||
34 | File | `/goform/formSetWanDhcpplus` | High
|
||||
35 | File | `/goform/formSysCmd` | High
|
||||
36 | File | `/goform/formWlanGuestSetup` | High
|
||||
37 | File | `/goform/formWPS` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 258 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 328 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -50,17 +50,18 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/users.php?source=edit_user&id=1` | High
|
||||
2 | File | `/forum/away.php` | High
|
||||
3 | File | `/modules/profile/index.php` | High
|
||||
4 | File | `/proc/self/environ` | High
|
||||
5 | File | `/rest/project-templates/1.0/createshared` | High
|
||||
6 | File | `/server-status` | High
|
||||
7 | File | `act.php` | Low
|
||||
8 | File | `adclick.php` | Medium
|
||||
9 | File | `admin.php` | Medium
|
||||
10 | ... | ... | ...
|
||||
2 | File | `/cdsms/classes/Master.php?f=delete_package` | High
|
||||
3 | File | `/forum/away.php` | High
|
||||
4 | File | `/modules/profile/index.php` | High
|
||||
5 | File | `/onvif/device_service` | High
|
||||
6 | File | `/pro/repo-create.html` | High
|
||||
7 | File | `/proc/self/environ` | High
|
||||
8 | File | `/rest/project-templates/1.0/createshared` | High
|
||||
9 | File | `/server-status` | High
|
||||
10 | File | `act.php` | Low
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 77 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 83 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,71 @@
|
|||
# Earth Kitsune - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Earth Kitsune](https://vuldb.com/?actor.earth_kitsune). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.earth_kitsune](https://vuldb.com/?actor.earth_kitsune)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with Earth Kitsune:
|
||||
|
||||
* WhiskerSpy
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Earth Kitsune:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Earth Kitsune.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [45.76.62.198](https://vuldb.com/?ip.45.76.62.198) | 45.76.62.198.vultrusercontent.com | WhiskerSpy | High
|
||||
2 | [172.93.201.172](https://vuldb.com/?ip.172.93.201.172) | 172-201-93-172.reverse-dns | WhiskerSpy | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Earth Kitsune_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Earth Kitsune. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/anony/mjpg.cgi` | High
|
||||
2 | File | `adclick.php` | Medium
|
||||
3 | File | `email.php` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.trendmicro.com/en_us/research/23/b/earth-kitsune-delivers-new-whiskerspy-backdoor.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Emotet:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -821,14 +821,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
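Review bot: Row 4 of the TTP table keeps the description "Cross Site Scripting" after CWE-88 is dropped, leaving `4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High`. CWE-94 is code injection and CWE-1321 is prototype pollution, and neither is cross-site scripting; row 5 (T1059.007 with CWE-79, CWE-80) already carries that label correctly. Give row 4 a description that matches its remaining CWE entries, so that anyone mapping this table to detections does not see two identically named rows backed by different weaknesses.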
@ -836,40 +836,34 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/admin/upload/upload` | High
|
||||
3 | File | `/apply_noauth.cgi` | High
|
||||
1 | File | `/.dbus-keyrings` | High
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/api/blade-log/api/list` | High
|
||||
4 | File | `/bin/sh` | Low
|
||||
5 | File | `/blogengine/api/posts` | High
|
||||
6 | File | `/bsms_ci/index.php/book` | High
|
||||
7 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
8 | File | `/cgi-bin/upload_vpntar` | High
|
||||
9 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
10 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
11 | File | `/debug/pprof` | Medium
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/hrm/controller/employee.php` | High
|
||||
14 | File | `/hrm/employeeadd.php` | High
|
||||
15 | File | `/hrm/employeeview.php` | High
|
||||
16 | File | `/hss/admin/?page=products/manage_product` | High
|
||||
17 | File | `/ims/login.php` | High
|
||||
18 | File | `/login/index.php` | High
|
||||
19 | File | `/medicines/profile.php` | High
|
||||
20 | File | `/mhds/clinic/view_details.php` | High
|
||||
21 | File | `/obs/book.php` | High
|
||||
22 | File | `/opt/Citrix/ICAClient/util/ctxwebhelper` | High
|
||||
23 | File | `/pms/update_user.php?user_id=1` | High
|
||||
24 | File | `/products/view_product.php` | High
|
||||
25 | File | `/shell` | Low
|
||||
26 | File | `/spip.php` | Medium
|
||||
27 | File | `/subtitles.php` | High
|
||||
28 | File | `/tmp` | Low
|
||||
29 | File | `/tmp/net-$DEVICE.conf` | High
|
||||
30 | File | `/uncpath/` | Medium
|
||||
31 | File | `/user/upload/upload` | High
|
||||
32 | ... | ... | ...
|
||||
5 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
6 | File | `/cimom` | Low
|
||||
7 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
8 | File | `/data/wps.setup.json` | High
|
||||
9 | File | `/debug/pprof` | Medium
|
||||
10 | File | `/forum/away.php` | High
|
||||
11 | File | `/forum/PostPrivateMessage` | High
|
||||
12 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
|
||||
13 | File | `/public/login.htm` | High
|
||||
14 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
15 | File | `/spip.php` | Medium
|
||||
16 | File | `/usr/bin/pkexec` | High
|
||||
17 | File | `/wp-admin/admin-ajax.php` | High
|
||||
18 | File | `/wp-admin/options.php` | High
|
||||
19 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
20 | File | `adclick.php` | Medium
|
||||
21 | File | `adminer.php` | Medium
|
||||
22 | File | `api.php` | Low
|
||||
23 | File | `APKINDEX.tar.gz` | High
|
||||
24 | File | `AtlTraceTool8.exe` | High
|
||||
25 | File | `AutomaticZenRule.java` | High
|
||||
26 | ... | ... | ...
|
||||
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 222 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
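Review bot: The new IOA rows rate `/usr/bin/pkexec`, `/wp-admin/admin-ajax.php` and `/wp-admin/options.php` as High, while `/bin/sh` in the same table is Low. All of these are paths present on ordinary Linux or WordPress installations, so the Confidence column is not applied consistently to stock paths. Either rate the stock paths alike or state next to the table that the path alone is not a match criterion, because a consumer who alerts on High-confidence File indicators will flag clean hosts and normal WordPress traffic.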
File diff suppressed because it is too large
|
@ -122,7 +122,7 @@ ID | Type | Indicator | Confidence
|
|||
53 | File | `add_edit_cat.asp` | High
|
||||
54 | ... | ... | ...
|
||||
|
||||
There are 474 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 473 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -96,11 +96,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-28 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -112,66 +112,65 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/Admin/add-student.php` | High
|
||||
4 | File | `/admin/api/admin/articles/` | High
|
||||
5 | File | `/Admin/login.php` | High
|
||||
6 | File | `/admin/submit-articles` | High
|
||||
7 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
8 | File | `/apilog.php` | Medium
|
||||
9 | File | `/attachments` | Medium
|
||||
10 | File | `/bsms_ci/index.php/book` | High
|
||||
11 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
12 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
13 | File | `/connectors/index.php` | High
|
||||
14 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
15 | File | `/debug/pprof` | Medium
|
||||
16 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
18 | File | `/etc/hosts` | Medium
|
||||
19 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
22 | File | `/fos/admin/index.php?page=menu` | High
|
||||
23 | File | `/goform/setmac` | High
|
||||
24 | File | `/goform/wizard_end` | High
|
||||
25 | File | `/hrm/employeeadd.php` | High
|
||||
26 | File | `/hrm/employeeview.php` | High
|
||||
27 | File | `/index.php` | Medium
|
||||
28 | File | `/items/view_item.php` | High
|
||||
29 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
30 | File | `/lookin/info` | Medium
|
||||
31 | File | `/manager/index.php` | High
|
||||
32 | File | `/medical/inventories.php` | High
|
||||
33 | File | `/medicines/profile.php` | High
|
||||
34 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
35 | File | `/modules/profile/index.php` | High
|
||||
36 | File | `/modules/projects/vw_files.php` | High
|
||||
37 | File | `/modules/public/calendar.php` | High
|
||||
38 | File | `/newsDia.php` | Medium
|
||||
39 | File | `/out.php` | Medium
|
||||
40 | File | `/proxy` | Low
|
||||
41 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
42 | File | `/reports/rwservlet` | High
|
||||
43 | File | `/sacco_shield/manage_user.php` | High
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
46 | File | `/staff/bookdetails.php` | High
|
||||
47 | File | `/tmp` | Low
|
||||
48 | File | `/uncpath/` | Medium
|
||||
49 | File | `/user/update_booking.php` | High
|
||||
50 | File | `/WebInterface/UserManager/` | High
|
||||
51 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
52 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
53 | File | `01article.php` | High
|
||||
54 | File | `AbstractScheduleJob.java` | High
|
||||
55 | File | `actionphp/download.File.php` | High
|
||||
56 | File | `ActivityRecord.java` | High
|
||||
57 | File | `adclick.php` | Medium
|
||||
58 | File | `addtocart.asp` | High
|
||||
59 | ... | ... | ...
|
||||
2 | File | `/admin/api/admin/articles/` | High
|
||||
3 | File | `/admin/submit-articles` | High
|
||||
4 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
5 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
6 | File | `/apilog.php` | Medium
|
||||
7 | File | `/attachments` | Medium
|
||||
8 | File | `/bin/httpd` | Medium
|
||||
9 | File | `/bsms_ci/index.php/book` | High
|
||||
10 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
11 | File | `/debug/pprof` | Medium
|
||||
12 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
13 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
14 | File | `/etc/hosts` | Medium
|
||||
15 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
18 | File | `/fos/admin/index.php?page=menu` | High
|
||||
19 | File | `/goform/wizard_end` | High
|
||||
20 | File | `/home/masterConsole` | High
|
||||
21 | File | `/home/sendBroadcast` | High
|
||||
22 | File | `/hrm/employeeadd.php` | High
|
||||
23 | File | `/hrm/employeeview.php` | High
|
||||
24 | File | `/index.php` | Medium
|
||||
25 | File | `/items/view_item.php` | High
|
||||
26 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
27 | File | `/lookin/info` | Medium
|
||||
28 | File | `/medical/inventories.php` | High
|
||||
29 | File | `/medicines/profile.php` | High
|
||||
30 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
31 | File | `/modules/profile/index.php` | High
|
||||
32 | File | `/modules/public/calendar.php` | High
|
||||
33 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
34 | File | `/newsDia.php` | Medium
|
||||
35 | File | `/out.php` | Medium
|
||||
36 | File | `/php-opos/index.php` | High
|
||||
37 | File | `/proxy` | Low
|
||||
38 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
39 | File | `/reports/rwservlet` | High
|
||||
40 | File | `/spip.php` | Medium
|
||||
41 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
42 | File | `/staff/bookdetails.php` | High
|
||||
43 | File | `/tmp` | Low
|
||||
44 | File | `/uncpath/` | Medium
|
||||
45 | File | `/user/update_booking.php` | High
|
||||
46 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
47 | File | `/video-sharing-script/watch-video.php` | High
|
||||
48 | File | `/wireless/security.asp` | High
|
||||
49 | File | `01article.php` | High
|
||||
50 | File | `AbstractScheduleJob.java` | High
|
||||
51 | File | `actionphp/download.File.php` | High
|
||||
52 | File | `ActivityRecord.java` | High
|
||||
53 | File | `adclick.php` | Medium
|
||||
54 | File | `admin.php` | Medium
|
||||
55 | File | `admin/abc.php` | High
|
||||
56 | File | `admin/add_payment.php` | High
|
||||
57 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
58 | ... | ... | ...
|
||||
|
||||
There are 519 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 507 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
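Review bot: Several rows typed `File` carry request arguments or input values rather than a file path, for example `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072`, `/fos/admin/ajax.php?action=login` and the added `admin/admin.php?action=users&mode=info&user=2`. The footer line lists argument and input value as separate IOA types, so these entries should be split into a File row plus an argument or input value row. As written, a consumer comparing the Indicator column against file names or URL paths will miss them unless it also compares the query string.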
@ -60,30 +60,34 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
31 | [23.234.27.100](https://vuldb.com/?ip.23.234.27.100) | - | - | High
|
||||
32 | [23.235.199.50](https://vuldb.com/?ip.23.235.199.50) | - | - | High
|
||||
33 | [31.31.196.51](https://vuldb.com/?ip.31.31.196.51) | server222.hosting.reg.ru | - | High
|
||||
34 | [34.98.99.30](https://vuldb.com/?ip.34.98.99.30) | 30.99.98.34.bc.googleusercontent.com | - | Medium
|
||||
35 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
|
||||
36 | [34.117.168.233](https://vuldb.com/?ip.34.117.168.233) | 233.168.117.34.bc.googleusercontent.com | - | Medium
|
||||
37 | [34.194.149.67](https://vuldb.com/?ip.34.194.149.67) | ec2-34-194-149-67.compute-1.amazonaws.com | - | Medium
|
||||
38 | [34.214.40.214](https://vuldb.com/?ip.34.214.40.214) | ec2-34-214-40-214.us-west-2.compute.amazonaws.com | - | Medium
|
||||
39 | [34.216.47.14](https://vuldb.com/?ip.34.216.47.14) | ec2-34-216-47-14.us-west-2.compute.amazonaws.com | - | Medium
|
||||
40 | [34.242.63.192](https://vuldb.com/?ip.34.242.63.192) | ec2-34-242-63-192.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
41 | [34.243.160.251](https://vuldb.com/?ip.34.243.160.251) | ec2-34-243-160-251.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
42 | [34.255.61.59](https://vuldb.com/?ip.34.255.61.59) | ec2-34-255-61-59.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
43 | [35.164.33.0](https://vuldb.com/?ip.35.164.33.0) | ec2-35-164-33-0.us-west-2.compute.amazonaws.com | - | Medium
|
||||
44 | [35.178.125.63](https://vuldb.com/?ip.35.178.125.63) | ec2-35-178-125-63.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
45 | [35.227.197.36](https://vuldb.com/?ip.35.227.197.36) | 36.197.227.35.bc.googleusercontent.com | - | Medium
|
||||
46 | [35.241.11.162](https://vuldb.com/?ip.35.241.11.162) | 162.11.241.35.bc.googleusercontent.com | - | Medium
|
||||
47 | [37.123.118.150](https://vuldb.com/?ip.37.123.118.150) | - | - | High
|
||||
48 | [38.63.50.68](https://vuldb.com/?ip.38.63.50.68) | - | - | High
|
||||
49 | [40.77.18.167](https://vuldb.com/?ip.40.77.18.167) | - | - | High
|
||||
50 | [40.126.26.134](https://vuldb.com/?ip.40.126.26.134) | - | - | High
|
||||
51 | [44.194.24.167](https://vuldb.com/?ip.44.194.24.167) | ec2-44-194-24-167.compute-1.amazonaws.com | - | Medium
|
||||
52 | [44.227.65.245](https://vuldb.com/?ip.44.227.65.245) | ec2-44-227-65-245.us-west-2.compute.amazonaws.com | - | Medium
|
||||
53 | [44.230.27.49](https://vuldb.com/?ip.44.230.27.49) | ec2-44-230-27-49.us-west-2.compute.amazonaws.com | - | Medium
|
||||
54 | [44.230.85.241](https://vuldb.com/?ip.44.230.85.241) | ec2-44-230-85-241.us-west-2.compute.amazonaws.com | - | Medium
|
||||
55 | ... | ... | ... | ...
|
||||
34 | [31.170.160.82](https://vuldb.com/?ip.31.170.160.82) | srv18.000webhost.com | - | High
|
||||
35 | [34.98.99.30](https://vuldb.com/?ip.34.98.99.30) | 30.99.98.34.bc.googleusercontent.com | - | Medium
|
||||
36 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
|
||||
37 | [34.117.168.233](https://vuldb.com/?ip.34.117.168.233) | 233.168.117.34.bc.googleusercontent.com | - | Medium
|
||||
38 | [34.194.149.67](https://vuldb.com/?ip.34.194.149.67) | ec2-34-194-149-67.compute-1.amazonaws.com | - | Medium
|
||||
39 | [34.214.40.214](https://vuldb.com/?ip.34.214.40.214) | ec2-34-214-40-214.us-west-2.compute.amazonaws.com | - | Medium
|
||||
40 | [34.216.47.14](https://vuldb.com/?ip.34.216.47.14) | ec2-34-216-47-14.us-west-2.compute.amazonaws.com | - | Medium
|
||||
41 | [34.242.63.192](https://vuldb.com/?ip.34.242.63.192) | ec2-34-242-63-192.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
42 | [34.243.160.251](https://vuldb.com/?ip.34.243.160.251) | ec2-34-243-160-251.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
43 | [34.255.61.59](https://vuldb.com/?ip.34.255.61.59) | ec2-34-255-61-59.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
44 | [35.164.33.0](https://vuldb.com/?ip.35.164.33.0) | ec2-35-164-33-0.us-west-2.compute.amazonaws.com | - | Medium
|
||||
45 | [35.178.125.63](https://vuldb.com/?ip.35.178.125.63) | ec2-35-178-125-63.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
46 | [35.227.197.36](https://vuldb.com/?ip.35.227.197.36) | 36.197.227.35.bc.googleusercontent.com | - | Medium
|
||||
47 | [35.241.11.162](https://vuldb.com/?ip.35.241.11.162) | 162.11.241.35.bc.googleusercontent.com | - | Medium
|
||||
48 | [35.244.140.114](https://vuldb.com/?ip.35.244.140.114) | 114.140.244.35.bc.googleusercontent.com | - | Medium
|
||||
49 | [37.123.118.150](https://vuldb.com/?ip.37.123.118.150) | - | - | High
|
||||
50 | [37.235.1.174](https://vuldb.com/?ip.37.235.1.174) | resolver1.freedns.zone.powered.by.virtexxa.com | - | High
|
||||
51 | [37.235.1.177](https://vuldb.com/?ip.37.235.1.177) | resolver2.freedns.zone.powered.by.virtexxa.com | - | High
|
||||
52 | [38.63.50.68](https://vuldb.com/?ip.38.63.50.68) | - | - | High
|
||||
53 | [40.77.18.167](https://vuldb.com/?ip.40.77.18.167) | - | - | High
|
||||
54 | [40.126.26.134](https://vuldb.com/?ip.40.126.26.134) | - | - | High
|
||||
55 | [44.194.24.167](https://vuldb.com/?ip.44.194.24.167) | ec2-44-194-24-167.compute-1.amazonaws.com | - | Medium
|
||||
56 | [44.227.65.245](https://vuldb.com/?ip.44.227.65.245) | ec2-44-227-65-245.us-west-2.compute.amazonaws.com | - | Medium
|
||||
57 | [44.230.27.49](https://vuldb.com/?ip.44.230.27.49) | ec2-44-230-27-49.us-west-2.compute.amazonaws.com | - | Medium
|
||||
58 | [44.230.85.241](https://vuldb.com/?ip.44.230.85.241) | ec2-44-230-85-241.us-west-2.compute.amazonaws.com | - | Medium
|
||||
59 | ... | ... | ... | ...
|
||||
|
||||
There are 217 more IOC items available. Please use our online service to access the data.
|
||||
There are 232 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
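Review bot: The added rows 50 and 51 (`37.235.1.174`, `37.235.1.177`) are listed with the hostnames `resolver1.freedns.zone.powered.by.virtexxa.com` and `resolver2.freedns.zone.powered.by.virtexxa.com`, which by name are DNS resolvers, yet both are rated High while the EC2 and googleusercontent addresses in the same table are Medium. Document what the High rating is based on for these two rows or lower it to match the other shared-service addresses, since a blocklist built from High-confidence rows would also drop unrelated DNS traffic to those resolvers.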
@ -142,6 +146,8 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2022/09/threat-roundup-0916-0923.html
|
||||
* https://blog.talosintelligence.com/2022/10/threat-roundup-0930-1007.html
|
||||
* https://blog.talosintelligence.com/2022/10/threat-roundup-1007-1014.html
|
||||
* https://blog.talosintelligence.com/threat-roundup-0127-0203/
|
||||
* https://blog.talosintelligence.com/threat-roundup-0217-0224/
|
||||
* https://blog.talosintelligence.com/threat-roundup-1111-1118/
|
||||
* https://blog.talosintelligence.com/threat-roundup-1202-1209/
|
||||
* https://cert.gov.ua/article/37688
|
||||
|
|
|
@ -0,0 +1,73 @@
|
|||
# Gabon Unknown - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gabon Unknown](https://vuldb.com/?actor.gabon_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gabon_unknown](https://vuldb.com/?actor.gabon_unknown)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Gabon Unknown:
|
||||
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Gabon Unknown.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [41.72.224.0](https://vuldb.com/?ip.41.72.224.0) | - | - | High
|
||||
2 | [41.78.240.0](https://vuldb.com/?ip.41.78.240.0) | - | - | High
|
||||
3 | [41.158.0.0](https://vuldb.com/?ip.41.158.0.0) | - | - | High
|
||||
4 | [41.211.128.0](https://vuldb.com/?ip.41.211.128.0) | - | - | High
|
||||
5 | [41.223.168.0](https://vuldb.com/?ip.41.223.168.0) | - | - | High
|
||||
6 | [57.82.62.0](https://vuldb.com/?ip.57.82.62.0) | - | - | High
|
||||
7 | [84.254.156.0](https://vuldb.com/?ip.84.254.156.0) | 84-254-156-0.ip.skylogicnet.com | - | High
|
||||
8 | ... | ... | ... | ...
|
||||
|
||||
There are 29 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Gabon Unknown_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
3 | T1078.001 | CWE-259 | Use of Hard-coded Password | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Gabon Unknown. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `AdxDSrv.exe` | Medium
|
||||
2 | File | `ajax.cgi` | Medium
|
||||
3 | File | `lquerylv` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 4 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_ga.netset
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
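Review bot: All seven visible IOC rows are addresses ending in `.0` (for example `41.72.224.0` and `41.158.0.0`), and the only entry under References is the `ip2location_country_ga.netset` list, so these look like network base addresses of country netblocks with the prefix length dropped. Under the "IP address" heading with High confidence they read as single hosts. Keep the CIDR notation from the source or state that each row stands for a range, so a consumer neither matches only the `.0` address nor has to guess the size of the block.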
@ -26,38 +26,39 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
3 | [5.39.221.60](https://vuldb.com/?ip.5.39.221.60) | - | - | High
|
||||
4 | [5.135.183.146](https://vuldb.com/?ip.5.135.183.146) | freya.stelas.de | - | High
|
||||
5 | [5.144.168.210](https://vuldb.com/?ip.5.144.168.210) | mail.xdeers.com | - | High
|
||||
6 | [13.76.158.123](https://vuldb.com/?ip.13.76.158.123) | - | - | High
|
||||
7 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
8 | [20.42.65.92](https://vuldb.com/?ip.20.42.65.92) | - | - | High
|
||||
9 | [20.42.73.29](https://vuldb.com/?ip.20.42.73.29) | - | - | High
|
||||
10 | [20.50.64.11](https://vuldb.com/?ip.20.50.64.11) | - | - | High
|
||||
11 | [20.189.173.20](https://vuldb.com/?ip.20.189.173.20) | - | - | High
|
||||
12 | [23.100.15.180](https://vuldb.com/?ip.23.100.15.180) | - | - | High
|
||||
13 | [23.205.105.157](https://vuldb.com/?ip.23.205.105.157) | a23-205-105-157.deploy.static.akamaitechnologies.com | - | High
|
||||
14 | [23.236.62.147](https://vuldb.com/?ip.23.236.62.147) | 147.62.236.23.bc.googleusercontent.com | - | Medium
|
||||
15 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
|
||||
16 | [35.205.61.67](https://vuldb.com/?ip.35.205.61.67) | 67.61.205.35.bc.googleusercontent.com | - | Medium
|
||||
17 | [39.107.34.197](https://vuldb.com/?ip.39.107.34.197) | - | - | High
|
||||
18 | [45.33.91.79](https://vuldb.com/?ip.45.33.91.79) | li1037-79.members.linode.com | - | High
|
||||
19 | [45.118.145.96](https://vuldb.com/?ip.45.118.145.96) | - | - | High
|
||||
20 | [46.32.228.22](https://vuldb.com/?ip.46.32.228.22) | 720808.vps-10.com | - | High
|
||||
21 | [47.75.206.148](https://vuldb.com/?ip.47.75.206.148) | - | - | High
|
||||
22 | [50.63.202.89](https://vuldb.com/?ip.50.63.202.89) | ip-50-63-202-89.ip.secureserver.net | - | High
|
||||
23 | [50.87.58.165](https://vuldb.com/?ip.50.87.58.165) | 50-87-58-165.unifiedlayer.com | - | High
|
||||
24 | [51.68.50.168](https://vuldb.com/?ip.51.68.50.168) | ip168.ip-51-68-50.eu | - | High
|
||||
25 | [51.254.25.115](https://vuldb.com/?ip.51.254.25.115) | ip115.ip-51-254-25.eu | - | High
|
||||
26 | [51.255.48.78](https://vuldb.com/?ip.51.255.48.78) | vps-ede152ed.vps.ovh.net | - | High
|
||||
27 | [52.17.9.185](https://vuldb.com/?ip.52.17.9.185) | ec2-52-17-9-185.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
28 | [52.29.192.136](https://vuldb.com/?ip.52.29.192.136) | ec2-52-29-192-136.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
29 | [52.58.78.16](https://vuldb.com/?ip.52.58.78.16) | ec2-52-58-78-16.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
30 | [52.116.175.70](https://vuldb.com/?ip.52.116.175.70) | hs20.name.tools | - | High
|
||||
31 | [52.168.117.173](https://vuldb.com/?ip.52.168.117.173) | - | - | High
|
||||
32 | [52.182.143.212](https://vuldb.com/?ip.52.182.143.212) | - | - | High
|
||||
33 | [54.36.194.90](https://vuldb.com/?ip.54.36.194.90) | ip90.ip-54-36-194.eu | - | High
|
||||
34 | [62.210.24.116](https://vuldb.com/?ip.62.210.24.116) | 62-210-24-116.rev.poneytelecom.eu | - | High
|
||||
35 | ... | ... | ... | ...
|
||||
6 | [13.37.189.21](https://vuldb.com/?ip.13.37.189.21) | ec2-13-37-189-21.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
7 | [13.76.158.123](https://vuldb.com/?ip.13.76.158.123) | - | - | High
|
||||
8 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
9 | [15.188.214.230](https://vuldb.com/?ip.15.188.214.230) | ec2-15-188-214-230.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
10 | [20.42.65.92](https://vuldb.com/?ip.20.42.65.92) | - | - | High
|
||||
11 | [20.42.73.29](https://vuldb.com/?ip.20.42.73.29) | - | - | High
|
||||
12 | [20.50.64.11](https://vuldb.com/?ip.20.50.64.11) | - | - | High
|
||||
13 | [20.189.173.20](https://vuldb.com/?ip.20.189.173.20) | - | - | High
|
||||
14 | [23.56.169.147](https://vuldb.com/?ip.23.56.169.147) | a23-56-169-147.deploy.static.akamaitechnologies.com | - | High
|
||||
15 | [23.56.169.152](https://vuldb.com/?ip.23.56.169.152) | a23-56-169-152.deploy.static.akamaitechnologies.com | - | High
|
||||
16 | [23.100.15.180](https://vuldb.com/?ip.23.100.15.180) | - | - | High
|
||||
17 | [23.205.105.157](https://vuldb.com/?ip.23.205.105.157) | a23-205-105-157.deploy.static.akamaitechnologies.com | - | High
|
||||
18 | [23.221.227.165](https://vuldb.com/?ip.23.221.227.165) | a23-221-227-165.deploy.static.akamaitechnologies.com | - | High
|
||||
19 | [23.221.227.172](https://vuldb.com/?ip.23.221.227.172) | a23-221-227-172.deploy.static.akamaitechnologies.com | - | High
|
||||
20 | [23.236.62.147](https://vuldb.com/?ip.23.236.62.147) | 147.62.236.23.bc.googleusercontent.com | - | Medium
|
||||
21 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
|
||||
22 | [35.205.61.67](https://vuldb.com/?ip.35.205.61.67) | 67.61.205.35.bc.googleusercontent.com | - | Medium
|
||||
23 | [39.107.34.197](https://vuldb.com/?ip.39.107.34.197) | - | - | High
|
||||
24 | [45.33.91.79](https://vuldb.com/?ip.45.33.91.79) | li1037-79.members.linode.com | - | High
|
||||
25 | [45.118.145.96](https://vuldb.com/?ip.45.118.145.96) | - | - | High
|
||||
26 | [46.32.228.22](https://vuldb.com/?ip.46.32.228.22) | 720808.vps-10.com | - | High
|
||||
27 | [47.75.206.148](https://vuldb.com/?ip.47.75.206.148) | - | - | High
|
||||
28 | [50.63.202.89](https://vuldb.com/?ip.50.63.202.89) | ip-50-63-202-89.ip.secureserver.net | - | High
|
||||
29 | [50.87.58.165](https://vuldb.com/?ip.50.87.58.165) | 50-87-58-165.unifiedlayer.com | - | High
|
||||
30 | [51.15.229.127](https://vuldb.com/?ip.51.15.229.127) | 127-229-15-51.instances.scw.cloud | - | High
|
||||
31 | [51.68.50.168](https://vuldb.com/?ip.51.68.50.168) | ip168.ip-51-68-50.eu | - | High
|
||||
32 | [51.254.25.115](https://vuldb.com/?ip.51.254.25.115) | ip115.ip-51-254-25.eu | - | High
|
||||
33 | [51.255.48.78](https://vuldb.com/?ip.51.255.48.78) | vps-ede152ed.vps.ovh.net | - | High
|
||||
34 | [52.17.9.185](https://vuldb.com/?ip.52.17.9.185) | ec2-52-17-9-185.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
35 | [52.29.192.136](https://vuldb.com/?ip.52.29.192.136) | ec2-52-29-192-136.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
36 | ... | ... | ... | ...
|
||||
|
||||
There are 135 more IOC items available. Please use our online service to access the data.
|
||||
There are 141 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -103,12 +104,11 @@ ID | Type | Indicator | Confidence
|
|||
22 | File | `addentry.php` | Medium
|
||||
23 | File | `addressbookprovider.php` | High
|
||||
24 | File | `admin.jcomments.php` | High
|
||||
25 | File | `admin/pageUploadCSV.php` | High
|
||||
26 | File | `ajax_udf.php` | Medium
|
||||
27 | File | `AppCompatCache.exe` | High
|
||||
28 | ... | ... | ...
|
||||
25 | File | `admin/index.php` | High
|
||||
26 | File | `admin/pageUploadCSV.php` | High
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 240 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
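Review bot: The new row 25, `admin/index.php`, is rated High although it is a generic relative path that many unrelated web applications expose, so matching web logs against this table will produce hits that say nothing about this actor. Consider lowering the confidence, or qualifying the entry with the product or parameter that makes it specific, the way the neighbouring `admin/pageUploadCSV.php` is specific by name.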
@ -127,6 +127,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2021/10/threat-roundup-1001-1008.html
|
||||
* https://blog.talosintelligence.com/2021/10/threat-roundup-1015-1022.html
|
||||
* https://blog.talosintelligence.com/2022/05/threat-roundup-0429-0506.html
|
||||
* https://blog.talosintelligence.com/threat-roundup-0210-0217/
|
||||
* https://cert.gov.ua/article/2807
|
||||
* https://community.blueliv.com/#!/s/5afd59bd82df413e376682f2
|
||||
* https://isc.sans.edu/forums/diary/GandCrab+Ransomware+Now+Coming+From+Malspam/23321/
|
||||
|
|
|
@ -10,7 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* [IR](https://vuldb.com/?country.ir)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
|
|
@ -118,60 +118,51 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/apply_noauth.cgi` | High
|
||||
4 | File | `/bin/sh` | Low
|
||||
5 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
6 | File | `/ctcprotocol/Protocol` | High
|
||||
7 | File | `/debug/pprof` | Medium
|
||||
8 | File | `/forum/away.php` | High
|
||||
9 | File | `/menu.html` | Medium
|
||||
10 | File | `/modules/snf/index.php` | High
|
||||
11 | File | `/obs/book.php` | High
|
||||
12 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
13 | File | `/ossn/administrator/com_installer` | High
|
||||
14 | File | `/pms/update_user.php?user_id=1` | High
|
||||
15 | File | `/resources//../` | High
|
||||
16 | File | `/subtitles.php` | High
|
||||
17 | File | `/sys/dict/queryTableData` | High
|
||||
18 | File | `/user/upload/upload` | High
|
||||
19 | File | `/vendor` | Low
|
||||
20 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
21 | File | `26.html` | Low
|
||||
22 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
23 | File | `adclick.php` | Medium
|
||||
24 | File | `add_contestant.php` | High
|
||||
25 | File | `add_postit.php` | High
|
||||
26 | File | `admin.php` | Medium
|
||||
27 | File | `admin/index.php` | High
|
||||
28 | File | `admin/make_payments.php` | High
|
||||
29 | File | `admin/shophelp.php` | High
|
||||
30 | File | `administration.jsp` | High
|
||||
31 | File | `adminquery.php` | High
|
||||
32 | File | `ansfaq.asp` | Medium
|
||||
33 | File | `APKINDEX.tar.gz` | High
|
||||
34 | File | `app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb` | High
|
||||
35 | File | `appconfig.ini` | High
|
||||
36 | File | `appGet.cgi` | Medium
|
||||
37 | File | `artreplydelete.asp` | High
|
||||
38 | File | `attachment.cgi` | High
|
||||
39 | File | `authpam.c` | Medium
|
||||
40 | File | `autocms.php` | Medium
|
||||
41 | File | `avahi-core/socket.c` | High
|
||||
42 | File | `banner.php` | Medium
|
||||
43 | File | `base_qry_main.php` | High
|
||||
44 | File | `bgp_packet.c` | Medium
|
||||
45 | File | `Binder.java` | Medium
|
||||
46 | File | `Blog.CGI` | Medium
|
||||
47 | File | `blogroll.php` | Medium
|
||||
48 | File | `boundary_rules.jsp` | High
|
||||
49 | File | `calendar.php` | Medium
|
||||
50 | File | `calendar_scheduler.php` | High
|
||||
51 | File | `cal_config.inc.php` | High
|
||||
52 | File | `category.php` | Medium
|
||||
53 | File | `Category.php` | Medium
|
||||
54 | File | `centrify.cmd.0` | High
|
||||
55 | File | `chrome-devtools-frontend.appspot.com` | High
|
||||
56 | File | `claro_init_global.inc.php` | High
|
||||
57 | ... | ... | ...
|
||||
6 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
7 | File | `/ctcprotocol/Protocol` | High
|
||||
8 | File | `/debug/pprof` | Medium
|
||||
9 | File | `/ebics-server/ebics.aspx` | High
|
||||
10 | File | `/ecshop/admin/template.php` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/forum/PostPrivateMessage` | High
|
||||
13 | File | `/menu.html` | Medium
|
||||
14 | File | `/modules/snf/index.php` | High
|
||||
15 | File | `/obs/book.php` | High
|
||||
16 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
17 | File | `/ossn/administrator/com_installer` | High
|
||||
18 | File | `/pms/update_user.php?user_id=1` | High
|
||||
19 | File | `/resources//../` | High
|
||||
20 | File | `/subtitles.php` | High
|
||||
21 | File | `/sys/dict/queryTableData` | High
|
||||
22 | File | `/user/upload/upload` | High
|
||||
23 | File | `/vendor` | Low
|
||||
24 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
25 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
26 | File | `adclick.php` | Medium
|
||||
27 | File | `add_contestant.php` | High
|
||||
28 | File | `add_postit.php` | High
|
||||
29 | File | `admin.php` | Medium
|
||||
30 | File | `admin/index.php` | High
|
||||
31 | File | `admin/make_payments.php` | High
|
||||
32 | File | `admin/shophelp.php` | High
|
||||
33 | File | `administration.jsp` | High
|
||||
34 | File | `adminquery.php` | High
|
||||
35 | File | `ansfaq.asp` | Medium
|
||||
36 | File | `APKINDEX.tar.gz` | High
|
||||
37 | File | `app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb` | High
|
||||
38 | File | `appconfig.ini` | High
|
||||
39 | File | `appGet.cgi` | Medium
|
||||
40 | File | `artreplydelete.asp` | High
|
||||
41 | File | `AtlTraceTool8.exe` | High
|
||||
42 | File | `attachment.cgi` | High
|
||||
43 | File | `autocms.php` | Medium
|
||||
44 | File | `avahi-core/socket.c` | High
|
||||
45 | File | `base_qry_main.php` | High
|
||||
46 | File | `bgp_packet.c` | Medium
|
||||
47 | File | `Binder.java` | Medium
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 498 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 412 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
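Review bot: Indicators are removed from this IOA table without any stated reason: the old side shows 56 rows plus "498 more" (554 in total), the new side 47 rows plus "412 more" (459), and `26.html`, `authpam.c` and `banner.php` vanish from positions that are still inside the visible alphabetical range, so they were deleted rather than pushed below the truncation point. Nothing in the hunk tells a consumer whether these entries were retired as stale or re-attributed, which is what decides whether to expire them downstream. Please record the reason for removals, or keep retired rows with a status. Note also that the `ID` column is positional, so every row after 5 is renumbered by this change and the IDs cannot be used as stable references.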
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Goldfin:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [IR](https://vuldb.com/?country.ir)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [IR](https://vuldb.com/?country.ir)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
|
|
@ -56,7 +56,7 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `/_error` | Low
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 55 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 57 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -34,7 +34,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
|
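Review bot: Row 4, left as context by this hunk, labels `T1059 | CWE-88, CWE-94, CWE-1321` as "Cross Site Scripting", but T1059 is the ATT&CK technique Command and Scripting Interpreter and those CWEs cover argument injection, code injection and prototype pollution, none of which is XSS. Since the hunk already edits the weakness column of row 1 (dropping CWE-23), the description of row 4 should be corrected in the same change, so that readers who map detections by the Description column are not pointed at the wrong class of bug.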
@ -50,36 +50,36 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `.htaccess` | Medium
|
||||
3 | File | `/Admin/add-student.php` | High
|
||||
4 | File | `/admin/api/admin/articles/` | High
|
||||
5 | File | `/admin/conferences/list/` | High
|
||||
6 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
7 | File | `/admin/generalsettings.php` | High
|
||||
8 | File | `/Admin/login.php` | High
|
||||
9 | File | `/admin/payment.php` | High
|
||||
10 | File | `/admin/reports.php` | High
|
||||
11 | File | `/admin/showbad.php` | High
|
||||
12 | File | `/admin_page/all-files-update-ajax.php` | High
|
||||
2 | File | `/Admin/add-student.php` | High
|
||||
3 | File | `/admin/api/admin/articles/` | High
|
||||
4 | File | `/admin/conferences/list/` | High
|
||||
5 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
6 | File | `/admin/generalsettings.php` | High
|
||||
7 | File | `/Admin/login.php` | High
|
||||
8 | File | `/admin/payment.php` | High
|
||||
9 | File | `/admin/reports.php` | High
|
||||
10 | File | `/admin/showbad.php` | High
|
||||
11 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
12 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
13 | File | `/apilog.php` | Medium
|
||||
14 | File | `/cgi-bin/kerbynet` | High
|
||||
14 | File | `/bin/httpd` | Medium
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
16 | File | `/connectors/index.php` | High
|
||||
17 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
18 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
19 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
20 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/hrm/employeeadd.php` | High
|
||||
23 | File | `/hrm/employeeview.php` | High
|
||||
24 | File | `/index.php` | Medium
|
||||
25 | File | `/info.cgi` | Medium
|
||||
26 | File | `/Items/*/RemoteImages/Download` | High
|
||||
27 | File | `/items/view_item.php` | High
|
||||
28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
29 | File | `/lists/admin/` | High
|
||||
30 | File | `/lookin/info` | Medium
|
||||
31 | File | `/MagickCore/image.c` | High
|
||||
18 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
19 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
22 | File | `/fos/admin/index.php?page=menu` | High
|
||||
23 | File | `/home/masterConsole` | High
|
||||
24 | File | `/home/sendBroadcast` | High
|
||||
25 | File | `/hrm/employeeadd.php` | High
|
||||
26 | File | `/hrm/employeeview.php` | High
|
||||
27 | File | `/index.php` | Medium
|
||||
28 | File | `/Items/*/RemoteImages/Download` | High
|
||||
29 | File | `/items/view_item.php` | High
|
||||
30 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
31 | File | `/lookin/info` | Medium
|
||||
32 | File | `/manager/index.php` | High
|
||||
33 | File | `/medical/inventories.php` | High
|
||||
34 | File | `/modules/profile/index.php` | High
|
||||
|
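Review bot: Several rows typed `File` are really a path plus a query string, including the newly added `/adms/admin/?page=vehicles/sell_vehicle`, `/adms/admin/?page=vehicles/view_transaction` and `/fos/admin/ajax.php?action=login`. A log matcher that compares only the URL path will never hit these, and one that compares the full request target will miss them whenever the parameters differ in order or number. Suggest splitting each into a `File` entry for the path and an argument or input-value entry for the parameter, both of which are types the feed's own footer text lists.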
@ -87,31 +87,31 @@ ID | Type | Indicator | Confidence
|
|||
36 | File | `/modules/public/calendar.php` | High
|
||||
37 | File | `/newsDia.php` | Medium
|
||||
38 | File | `/out.php` | Medium
|
||||
39 | File | `/proxy` | Low
|
||||
40 | File | `/public/launchNewWindow.jsp` | High
|
||||
41 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
42 | File | `/reports/rwservlet` | High
|
||||
43 | File | `/sacco_shield/manage_user.php` | High
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
46 | File | `/staff/bookdetails.php` | High
|
||||
47 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||
48 | File | `/user/update_booking.php` | High
|
||||
49 | File | `/WEB-INF/web.xml` | High
|
||||
50 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
51 | File | `/Wedding-Management/package_detail.php` | High
|
||||
52 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
53 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
54 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
55 | File | `AbstractScheduleJob.java` | High
|
||||
56 | File | `actionphp/download.File.php` | High
|
||||
57 | File | `AdClass.php` | Medium
|
||||
58 | File | `adclick.php` | Medium
|
||||
59 | File | `addtocart.asp` | High
|
||||
60 | File | `admin.php` | Medium
|
||||
39 | File | `/php-opos/index.php` | High
|
||||
40 | File | `/proxy` | Low
|
||||
41 | File | `/public/launchNewWindow.jsp` | High
|
||||
42 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
43 | File | `/reports/rwservlet` | High
|
||||
44 | File | `/sacco_shield/manage_user.php` | High
|
||||
45 | File | `/spip.php` | Medium
|
||||
46 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
47 | File | `/staff/bookdetails.php` | High
|
||||
48 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||
49 | File | `/uncpath/` | Medium
|
||||
50 | File | `/user/update_booking.php` | High
|
||||
51 | File | `/WEB-INF/web.xml` | High
|
||||
52 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
53 | File | `/wireless/security.asp` | High
|
||||
54 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
55 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
56 | File | `01article.php` | High
|
||||
57 | File | `AbstractScheduleJob.java` | High
|
||||
58 | File | `actionphp/download.File.php` | High
|
||||
59 | File | `AdClass.php` | Medium
|
||||
60 | File | `adclick.php` | Medium
|
||||
61 | ... | ... | ...
|
||||
|
||||
There are 531 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 536 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
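Review bot: Row 46 (row 45 before the change), `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072`, stores one percent-encoded spelling of a parameter value as a High-confidence `File` indicator. A literal comparison matches only that exact encoding, so the High rating overstates what a string match against this row can detect. Suggest listing `/sqlitemanager/main.php` as the file and describing the `dbsel` value as a pattern to be matched after URL decoding.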
File diff suppressed because it is too large
|
@ -0,0 +1,56 @@
|
|||
# Jamaica Unknown - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Jamaica Unknown](https://vuldb.com/?actor.jamaica_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.jamaica_unknown](https://vuldb.com/?actor.jamaica_unknown)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Jamaica Unknown.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [23.156.32.0](https://vuldb.com/?ip.23.156.32.0) | - | - | High
|
||||
2 | [50.114.104.0](https://vuldb.com/?ip.50.114.104.0) | - | - | High
|
||||
3 | [57.74.98.0](https://vuldb.com/?ip.57.74.98.0) | - | - | High
|
||||
4 | [57.91.112.0](https://vuldb.com/?ip.57.91.112.0) | - | - | High
|
||||
5 | [63.75.234.0](https://vuldb.com/?ip.63.75.234.0) | - | - | High
|
||||
6 | [63.143.64.0](https://vuldb.com/?ip.63.143.64.0) | - | - | High
|
||||
7 | [63.143.72.0](https://vuldb.com/?ip.63.143.72.0) | - | - | High
|
||||
8 | [63.143.77.0](https://vuldb.com/?ip.63.143.77.0) | - | - | High
|
||||
9 | [63.143.78.0](https://vuldb.com/?ip.63.143.78.0) | - | - | High
|
||||
10 | [63.143.80.0](https://vuldb.com/?ip.63.143.80.0) | - | - | High
|
||||
11 | [63.143.84.0](https://vuldb.com/?ip.63.143.84.0) | - | - | High
|
||||
12 | [63.143.87.0](https://vuldb.com/?ip.63.143.87.0) | - | - | High
|
||||
13 | [63.143.88.0](https://vuldb.com/?ip.63.143.88.0) | digijmres-0-88-143-63.digicelbroadband.com | - | High
|
||||
14 | [63.143.96.0](https://vuldb.com/?ip.63.143.96.0) | - | - | High
|
||||
15 | [63.143.100.0](https://vuldb.com/?ip.63.143.100.0) | digijmres-0-100-143-63.digicelbroadband.com | - | High
|
||||
16 | [63.143.102.0](https://vuldb.com/?ip.63.143.102.0) | digijmres-0-102-143-63.digicelbroadband.com | - | High
|
||||
17 | [63.143.104.0](https://vuldb.com/?ip.63.143.104.0) | - | - | High
|
||||
18 | [63.143.107.0](https://vuldb.com/?ip.63.143.107.0) | - | - | High
|
||||
19 | [63.143.108.0](https://vuldb.com/?ip.63.143.108.0) | - | - | High
|
||||
20 | [63.143.110.0](https://vuldb.com/?ip.63.143.110.0) | - | - | High
|
||||
21 | [63.143.112.0](https://vuldb.com/?ip.63.143.112.0) | - | - | High
|
||||
22 | [64.112.16.0](https://vuldb.com/?ip.64.112.16.0) | - | - | High
|
||||
23 | [65.183.0.0](https://vuldb.com/?ip.65.183.0.0) | - | - | High
|
||||
24 | [66.54.112.0](https://vuldb.com/?ip.66.54.112.0) | - | - | High
|
||||
25 | ... | ... | ... | ...
|
||||
|
||||
There are 94 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_jm.netset
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
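Review bot: Every visible entry in the IOC table of this new file ends in `.0` (`23.156.32.0`, `63.143.64.0`, `65.183.0.0` and so on) and the only reference is the `ip2location_country_jm.netset` country list, which suggests these are network base addresses with the prefix length dropped. Placed in the `IP address` column and rated High, they read as individual hosts "known to be part of research and attack activities", and a consumer has to either treat them as single addresses or guess the range. Please keep the CIDR prefix from the source, state that the entries are country allocations, and choose a confidence that reflects that.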
@ -0,0 +1,84 @@
|
|||
# Jersey Unknown - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Jersey Unknown](https://vuldb.com/?actor.jersey_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.jersey_unknown](https://vuldb.com/?actor.jersey_unknown)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Jersey Unknown:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Jersey Unknown.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.35.160.0](https://vuldb.com/?ip.5.35.160.0) | - | - | High
|
||||
2 | [5.42.128.0](https://vuldb.com/?ip.5.42.128.0) | - | - | High
|
||||
3 | [31.186.112.0](https://vuldb.com/?ip.31.186.112.0) | - | - | High
|
||||
4 | [37.156.38.0](https://vuldb.com/?ip.37.156.38.0) | - | - | High
|
||||
5 | [46.254.248.0](https://vuldb.com/?ip.46.254.248.0) | - | - | High
|
||||
6 | [62.68.160.0](https://vuldb.com/?ip.62.68.160.0) | bbdj62.68.160.0.network.sure.com | - | High
|
||||
7 | [62.68.168.0](https://vuldb.com/?ip.62.68.168.0) | - | - | High
|
||||
8 | [62.68.176.0](https://vuldb.com/?ip.62.68.176.0) | - | - | High
|
||||
9 | [62.68.184.0](https://vuldb.com/?ip.62.68.184.0) | - | - | High
|
||||
10 | [81.20.176.0](https://vuldb.com/?ip.81.20.176.0) | 81-20-176-0.wimax-dynamic1.newtel.je | - | High
|
||||
11 | [82.112.128.0](https://vuldb.com/?ip.82.112.128.0) | - | - | High
|
||||
12 | ... | ... | ... | ...
|
||||
|
||||
There are 44 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Jersey Unknown_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Jersey Unknown. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/controllers/MgrDiagnosticTools.php` | High
|
||||
2 | File | `/forum/away.php` | High
|
||||
3 | File | `/inc/lists/csvexport.php` | High
|
||||
4 | File | `add_comment.php` | High
|
||||
5 | File | `board.php` | Medium
|
||||
6 | File | `comment_add.asp` | High
|
||||
7 | File | `configuration.php` | High
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 53 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_je.netset
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
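Review bot: In the TTP table of this new file, rows 2 and 3 carry the same description: `T1059 | CWE-94` and `T1059.007 | CWE-79, CWE-80` are both labelled "Cross Site Scripting". CWE-94 is code injection and T1059 is the parent Command and Scripting Interpreter technique, so row 2 needs its own description; as written, the table names one weakness class twice and hides the other. The IOC table above it also lists only `.0` addresses from a country netset (`ip2location_country_je.netset`) without their prefix lengths, which leaves the covered ranges undefined.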
@ -15,8 +15,11 @@ The following _campaigns_ are known and can be associated with LULU:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with LULU:
|
||||
|
||||
* [IT](https://vuldb.com/?country.it)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -59,7 +62,7 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `assets/javascripts/workflowStepEditorKO.js` | High
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 60 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 61 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -35,233 +35,238 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [1.251.44.118](https://vuldb.com/?ip.1.251.44.118) | - | - | High
|
||||
2 | [2.50.22.137](https://vuldb.com/?ip.2.50.22.137) | - | Hidden Cobra | High
|
||||
3 | [2.50.22.189](https://vuldb.com/?ip.2.50.22.189) | - | Hidden Cobra | High
|
||||
4 | [2.50.25.205](https://vuldb.com/?ip.2.50.25.205) | - | Hidden Cobra | High
|
||||
5 | [2.50.27.239](https://vuldb.com/?ip.2.50.27.239) | - | Hidden Cobra | High
|
||||
6 | [2.50.40.245](https://vuldb.com/?ip.2.50.40.245) | - | Hidden Cobra | High
|
||||
7 | [2.93.86.36](https://vuldb.com/?ip.2.93.86.36) | - | Hidden Cobra | High
|
||||
8 | [2.93.86.38](https://vuldb.com/?ip.2.93.86.38) | - | Hidden Cobra | High
|
||||
9 | [2.93.86.65](https://vuldb.com/?ip.2.93.86.65) | - | Hidden Cobra | High
|
||||
10 | [2.93.86.89](https://vuldb.com/?ip.2.93.86.89) | - | Hidden Cobra | High
|
||||
11 | [2.93.86.106](https://vuldb.com/?ip.2.93.86.106) | - | Hidden Cobra | High
|
||||
12 | [2.93.86.136](https://vuldb.com/?ip.2.93.86.136) | - | Hidden Cobra | High
|
||||
13 | [2.93.86.150](https://vuldb.com/?ip.2.93.86.150) | - | Hidden Cobra | High
|
||||
14 | [2.93.86.194](https://vuldb.com/?ip.2.93.86.194) | - | Hidden Cobra | High
|
||||
15 | [2.93.86.197](https://vuldb.com/?ip.2.93.86.197) | - | Hidden Cobra | High
|
||||
16 | [2.93.86.224](https://vuldb.com/?ip.2.93.86.224) | - | Hidden Cobra | High
|
||||
17 | [2.93.86.226](https://vuldb.com/?ip.2.93.86.226) | - | Hidden Cobra | High
|
||||
18 | [2.93.86.247](https://vuldb.com/?ip.2.93.86.247) | - | Hidden Cobra | High
|
||||
19 | [2.93.86.251](https://vuldb.com/?ip.2.93.86.251) | - | Hidden Cobra | High
|
||||
20 | [2.93.86.253](https://vuldb.com/?ip.2.93.86.253) | - | Hidden Cobra | High
|
||||
21 | [2.93.131.116](https://vuldb.com/?ip.2.93.131.116) | - | Hidden Cobra | High
|
||||
22 | [2.93.131.179](https://vuldb.com/?ip.2.93.131.179) | - | Hidden Cobra | High
|
||||
23 | [2.93.238.2](https://vuldb.com/?ip.2.93.238.2) | - | Hidden Cobra | High
|
||||
24 | [2.93.238.12](https://vuldb.com/?ip.2.93.238.12) | - | Hidden Cobra | High
|
||||
25 | [2.93.238.20](https://vuldb.com/?ip.2.93.238.20) | - | Hidden Cobra | High
|
||||
26 | [2.93.238.26](https://vuldb.com/?ip.2.93.238.26) | - | Hidden Cobra | High
|
||||
27 | [2.93.238.35](https://vuldb.com/?ip.2.93.238.35) | - | Hidden Cobra | High
|
||||
28 | [2.93.238.93](https://vuldb.com/?ip.2.93.238.93) | - | Hidden Cobra | High
|
||||
29 | [2.93.238.146](https://vuldb.com/?ip.2.93.238.146) | - | Hidden Cobra | High
|
||||
30 | [2.93.238.167](https://vuldb.com/?ip.2.93.238.167) | - | Hidden Cobra | High
|
||||
31 | [2.93.238.176](https://vuldb.com/?ip.2.93.238.176) | - | Hidden Cobra | High
|
||||
32 | [2.93.238.183](https://vuldb.com/?ip.2.93.238.183) | - | Hidden Cobra | High
|
||||
33 | [2.93.238.199](https://vuldb.com/?ip.2.93.238.199) | - | Hidden Cobra | High
|
||||
34 | [2.93.238.213](https://vuldb.com/?ip.2.93.238.213) | - | Hidden Cobra | High
|
||||
35 | [2.93.238.215](https://vuldb.com/?ip.2.93.238.215) | - | Hidden Cobra | High
|
||||
36 | [2.93.238.222](https://vuldb.com/?ip.2.93.238.222) | - | Hidden Cobra | High
|
||||
37 | [2.93.238.252](https://vuldb.com/?ip.2.93.238.252) | - | Hidden Cobra | High
|
||||
38 | [2.93.238.253](https://vuldb.com/?ip.2.93.238.253) | - | Hidden Cobra | High
|
||||
39 | [2.93.248.5](https://vuldb.com/?ip.2.93.248.5) | - | Hidden Cobra | High
|
||||
40 | [2.93.248.46](https://vuldb.com/?ip.2.93.248.46) | - | Hidden Cobra | High
|
||||
41 | [2.94.53.139](https://vuldb.com/?ip.2.94.53.139) | - | Hidden Cobra | High
|
||||
42 | [2.94.65.211](https://vuldb.com/?ip.2.94.65.211) | - | Hidden Cobra | High
|
||||
43 | [2.94.65.246](https://vuldb.com/?ip.2.94.65.246) | - | Hidden Cobra | High
|
||||
44 | [2.94.82.42](https://vuldb.com/?ip.2.94.82.42) | - | Hidden Cobra | High
|
||||
45 | [2.94.117.30](https://vuldb.com/?ip.2.94.117.30) | - | Hidden Cobra | High
|
||||
46 | [2.94.117.46](https://vuldb.com/?ip.2.94.117.46) | - | Hidden Cobra | High
|
||||
47 | [2.94.117.47](https://vuldb.com/?ip.2.94.117.47) | - | Hidden Cobra | High
|
||||
48 | [2.94.117.56](https://vuldb.com/?ip.2.94.117.56) | - | Hidden Cobra | High
|
||||
49 | [2.94.209.30](https://vuldb.com/?ip.2.94.209.30) | - | Hidden Cobra | High
|
||||
50 | [2.187.99.180](https://vuldb.com/?ip.2.187.99.180) | - | Hidden Cobra | High
|
||||
51 | [3.239.189.175](https://vuldb.com/?ip.3.239.189.175) | ec2-3-239-189-175.compute-1.amazonaws.com | - | Medium
|
||||
52 | [5.22.137.178](https://vuldb.com/?ip.5.22.137.178) | mail.bpdl.co.uk | Hidden Cobra | High
|
||||
53 | [5.22.140.93](https://vuldb.com/?ip.5.22.140.93) | 5-22-140-93.host.as51043.net | Hidden Cobra | High
|
||||
54 | [5.41.88.137](https://vuldb.com/?ip.5.41.88.137) | - | Hidden Cobra | High
|
||||
55 | [5.41.89.32](https://vuldb.com/?ip.5.41.89.32) | - | Hidden Cobra | High
|
||||
56 | [5.41.94.221](https://vuldb.com/?ip.5.41.94.221) | - | Hidden Cobra | High
|
||||
57 | [5.41.190.7](https://vuldb.com/?ip.5.41.190.7) | - | Hidden Cobra | High
|
||||
58 | [5.41.201.151](https://vuldb.com/?ip.5.41.201.151) | - | Hidden Cobra | High
|
||||
59 | [5.41.237.214](https://vuldb.com/?ip.5.41.237.214) | - | Hidden Cobra | High
|
||||
60 | [5.79.99.169](https://vuldb.com/?ip.5.79.99.169) | nsg037-19.divide.nl | Fallchill | High
|
||||
61 | [5.98.91.76](https://vuldb.com/?ip.5.98.91.76) | host-5-98-91-76.business.telecomitalia.it | Hidden Cobra | High
|
||||
62 | [5.141.87.156](https://vuldb.com/?ip.5.141.87.156) | 5-141-97-156.static-adsl.isurgut.ru | Hidden Cobra | High
|
||||
63 | [5.189.190.67](https://vuldb.com/?ip.5.189.190.67) | m2767.contaboserver.net | Hidden Cobra | High
|
||||
64 | [5.200.154.208](https://vuldb.com/?ip.5.200.154.208) | - | Hidden Cobra | High
|
||||
65 | [5.200.177.218](https://vuldb.com/?ip.5.200.177.218) | - | Hidden Cobra | High
|
||||
66 | [5.200.191.104](https://vuldb.com/?ip.5.200.191.104) | - | Hidden Cobra | High
|
||||
67 | [5.200.198.10](https://vuldb.com/?ip.5.200.198.10) | - | Hidden Cobra | High
|
||||
68 | [5.200.202.99](https://vuldb.com/?ip.5.200.202.99) | - | Hidden Cobra | High
|
||||
69 | [13.88.245.250](https://vuldb.com/?ip.13.88.245.250) | - | - | High
|
||||
70 | [14.102.46.3](https://vuldb.com/?ip.14.102.46.3) | - | Volgmer | High
|
||||
71 | [14.139.125.214](https://vuldb.com/?ip.14.139.125.214) | - | Volgmer | High
|
||||
72 | [14.140.123.179](https://vuldb.com/?ip.14.140.123.179) | 14.140.123.179.static-pune-vsnl.net.in | Hidden Cobra | High
|
||||
73 | [14.141.27.100](https://vuldb.com/?ip.14.141.27.100) | 14.141.26.100.static-Mumbai.vsnl.net.in | Hidden Cobra | High
|
||||
74 | [14.141.129.116](https://vuldb.com/?ip.14.141.129.116) | 14.141.129.116.static-Delhi.vsnl.net.in | Volgmer | High
|
||||
75 | [14.149.149.211](https://vuldb.com/?ip.14.149.149.211) | - | Hidden Cobra | High
|
||||
76 | [21.252.107.198](https://vuldb.com/?ip.21.252.107.198) | - | Hoplight | High
|
||||
77 | [23.81.246.107](https://vuldb.com/?ip.23.81.246.107) | - | - | High
|
||||
78 | [23.81.246.131](https://vuldb.com/?ip.23.81.246.131) | - | South Korea | High
|
||||
79 | [23.81.246.179](https://vuldb.com/?ip.23.81.246.179) | - | - | High
|
||||
80 | [23.82.141.50](https://vuldb.com/?ip.23.82.141.50) | - | - | High
|
||||
81 | [23.82.141.172](https://vuldb.com/?ip.23.82.141.172) | - | - | High
|
||||
82 | [23.94.37.55](https://vuldb.com/?ip.23.94.37.55) | 23-94-37-55-host.colocrossing.com | - | High
|
||||
83 | [23.94.139.92](https://vuldb.com/?ip.23.94.139.92) | 23-94-139-92-host.colocrossing.com | - | High
|
||||
84 | [23.95.67.143](https://vuldb.com/?ip.23.95.67.143) | 23-95-67-143-host.colocrossing.com | - | High
|
||||
85 | [23.106.160.40](https://vuldb.com/?ip.23.106.160.40) | - | - | High
|
||||
86 | [23.106.223.194](https://vuldb.com/?ip.23.106.223.194) | - | - | High
|
||||
87 | [23.108.57.232](https://vuldb.com/?ip.23.108.57.232) | - | - | High
|
||||
88 | [23.152.0.232](https://vuldb.com/?ip.23.152.0.232) | betrp-basisto.seemband.com | - | High
|
||||
89 | [23.227.196.5](https://vuldb.com/?ip.23.227.196.5) | 23-227-196-5.static.hvvc.us | - | High
|
||||
90 | [23.227.196.116](https://vuldb.com/?ip.23.227.196.116) | 23-227-196-116.static.hvvc.us | - | High
|
||||
91 | [23.227.199.21](https://vuldb.com/?ip.23.227.199.21) | 23-227-199-21.static.hvvc.us | - | High
|
||||
92 | [23.227.199.53](https://vuldb.com/?ip.23.227.199.53) | 23-227-199-53.static.hvvc.us | - | High
|
||||
93 | [23.227.199.69](https://vuldb.com/?ip.23.227.199.69) | 23-227-199-69.static.hvvc.us | - | High
|
||||
94 | [23.229.111.197](https://vuldb.com/?ip.23.229.111.197) | - | - | High
|
||||
95 | [23.254.119.12](https://vuldb.com/?ip.23.254.119.12) | - | - | High
|
||||
96 | [26.165.218.44](https://vuldb.com/?ip.26.165.218.44) | - | Hoplight | High
|
||||
97 | [27.96.110.130](https://vuldb.com/?ip.27.96.110.130) | 130.110.96.27.static.m1net.com.sg | Hidden Cobra | High
|
||||
98 | [27.114.187.37](https://vuldb.com/?ip.27.114.187.37) | - | Volgmer | High
|
||||
99 | [27.123.221.66](https://vuldb.com/?ip.27.123.221.66) | 66-221.fiber.net.id | Fallchill | High
|
||||
100 | [27.125.35.229](https://vuldb.com/?ip.27.125.35.229) | - | Hidden Cobra | High
|
||||
101 | [31.11.32.79](https://vuldb.com/?ip.31.11.32.79) | websn1s069.aruba.it | Netherlands and Belgium | High
|
||||
102 | [31.47.47.130](https://vuldb.com/?ip.31.47.47.130) | - | Hidden Cobra | High
|
||||
103 | [31.54.73.156](https://vuldb.com/?ip.31.54.73.156) | host31-54-73-156.range31-54.btcentralplus.com | Hidden Cobra | High
|
||||
104 | [31.54.74.176](https://vuldb.com/?ip.31.54.74.176) | host31-54-74-176.range31-54.btcentralplus.com | Hidden Cobra | High
|
||||
105 | [31.146.82.22](https://vuldb.com/?ip.31.146.82.22) | 31-146-82-22.dsl.utg.ge | Volgmer | High
|
||||
106 | [31.146.136.6](https://vuldb.com/?ip.31.146.136.6) | 31-146-136-6.dsl.utg.ge | Hidden Cobra | High
|
||||
107 | [31.168.203.44](https://vuldb.com/?ip.31.168.203.44) | bzq-203-168-31-44.red.bezeqint.net | Hidden Cobra | High
|
||||
108 | [31.186.8.221](https://vuldb.com/?ip.31.186.8.221) | - | - | High
|
||||
109 | [36.71.90.4](https://vuldb.com/?ip.36.71.90.4) | - | Fallchill | High
|
||||
110 | [37.34.240.177](https://vuldb.com/?ip.37.34.240.177) | - | Hidden Cobra | High
|
||||
111 | [37.48.106.69](https://vuldb.com/?ip.37.48.106.69) | high-convey.blockother.com | Hidden Cobra | High
|
||||
112 | [37.71.50.2](https://vuldb.com/?ip.37.71.50.2) | 2.50.71.37.rev.sfr.net | Hidden Cobra | High
|
||||
113 | [37.72.168.228](https://vuldb.com/?ip.37.72.168.228) | 228.168.72.37.static.swiftway.net | - | High
|
||||
114 | [37.72.175.135](https://vuldb.com/?ip.37.72.175.135) | 37-72-175-135.static.hvvc.us | - | High
|
||||
115 | [37.72.175.179](https://vuldb.com/?ip.37.72.175.179) | 37-72-175-179.static.hvvc.us | - | High
|
||||
116 | [37.72.175.196](https://vuldb.com/?ip.37.72.175.196) | 37-72-175-196.static.hvvc.us | - | High
|
||||
117 | [37.75.0.98](https://vuldb.com/?ip.37.75.0.98) | - | Hidden Cobra | High
|
||||
118 | [37.75.2.203](https://vuldb.com/?ip.37.75.2.203) | - | Hidden Cobra | High
|
||||
119 | [37.75.10.194](https://vuldb.com/?ip.37.75.10.194) | mail.kplus.com.tr | Hidden Cobra | High
|
||||
120 | [37.75.11.162](https://vuldb.com/?ip.37.75.11.162) | 37-75-11-162.rdns.saglayici.net | Hidden Cobra | High
|
||||
121 | [37.98.114.90](https://vuldb.com/?ip.37.98.114.90) | 90.mobinnet.net | Volgmer | High
|
||||
122 | [37.104.24.220](https://vuldb.com/?ip.37.104.24.220) | - | Hidden Cobra | High
|
||||
123 | [37.104.50.144](https://vuldb.com/?ip.37.104.50.144) | - | Hidden Cobra | High
|
||||
124 | [37.104.67.33](https://vuldb.com/?ip.37.104.67.33) | - | Hidden Cobra | High
|
||||
125 | [37.105.234.200](https://vuldb.com/?ip.37.105.234.200) | - | Hidden Cobra | High
|
||||
126 | [37.106.115.3](https://vuldb.com/?ip.37.106.115.3) | - | Hidden Cobra | High
|
||||
127 | [37.143.29.10](https://vuldb.com/?ip.37.143.29.10) | - | Hidden Cobra | High
|
||||
128 | [37.148.209.156](https://vuldb.com/?ip.37.148.209.156) | 37-148-209-156.cizgi.net.tr | Hidden Cobra | High
|
||||
129 | [37.216.67.155](https://vuldb.com/?ip.37.216.67.155) | - | Volgmer | High
|
||||
130 | [37.216.213.70](https://vuldb.com/?ip.37.216.213.70) | - | Hidden Cobra | High
|
||||
131 | [37.235.21.166](https://vuldb.com/?ip.37.235.21.166) | - | Volgmer | High
|
||||
132 | [37.238.135.70](https://vuldb.com/?ip.37.238.135.70) | - | - | High
|
||||
133 | [38.132.124.161](https://vuldb.com/?ip.38.132.124.161) | - | TraderTraitor | High
|
||||
134 | [40.121.90.194](https://vuldb.com/?ip.40.121.90.194) | - | - | High
|
||||
135 | [41.57.108.68](https://vuldb.com/?ip.41.57.108.68) | - | Hidden Cobra | High
|
||||
136 | [41.67.136.38](https://vuldb.com/?ip.41.67.136.38) | netcomafrica.com | Hidden Cobra | High
|
||||
137 | [41.67.136.39](https://vuldb.com/?ip.41.67.136.39) | netcomafrica.com | Hidden Cobra | High
|
||||
138 | [41.72.99.5](https://vuldb.com/?ip.41.72.99.5) | - | Hidden Cobra | High
|
||||
139 | [41.72.101.138](https://vuldb.com/?ip.41.72.101.138) | - | Hidden Cobra | High
|
||||
140 | [41.74.166.253](https://vuldb.com/?ip.41.74.166.253) | - | Hidden Cobra | High
|
||||
141 | [41.92.208.194](https://vuldb.com/?ip.41.92.208.194) | - | Fallchill | High
|
||||
142 | [41.92.208.196](https://vuldb.com/?ip.41.92.208.196) | - | Fallchill | High
|
||||
143 | [41.92.208.197](https://vuldb.com/?ip.41.92.208.197) | - | Fallchill | High
|
||||
144 | [41.110.179.197](https://vuldb.com/?ip.41.110.179.197) | - | Hidden Cobra | High
|
||||
145 | [41.128.226.60](https://vuldb.com/?ip.41.128.226.60) | - | Hidden Cobra | High
|
||||
146 | [41.131.49.228](https://vuldb.com/?ip.41.131.49.228) | host-41-131-49-228.static.link.com.eg | Hidden Cobra | High
|
||||
147 | [41.131.164.156](https://vuldb.com/?ip.41.131.164.156) | - | Hidden Cobra | High
|
||||
148 | [41.134.208.234](https://vuldb.com/?ip.41.134.208.234) | 41-134-208-234.dsl.mweb.co.za | Hidden Cobra | High
|
||||
149 | [41.182.252.56](https://vuldb.com/?ip.41.182.252.56) | ADSL-41-182-252-56.ipb.na | Hidden Cobra | High
|
||||
150 | [41.205.139.34](https://vuldb.com/?ip.41.205.139.34) | ADSL-41-205-139-34.ipb.na | Hidden Cobra | High
|
||||
151 | [41.208.106.68](https://vuldb.com/?ip.41.208.106.68) | owa.altaqnya.com.ly | Hidden Cobra | High
|
||||
152 | [41.208.106.70](https://vuldb.com/?ip.41.208.106.70) | dc1.Mail.dsmhlc.ly | Hidden Cobra | High
|
||||
153 | [41.215.250.40](https://vuldb.com/?ip.41.215.250.40) | - | Hidden Cobra | High
|
||||
154 | [41.223.30.20](https://vuldb.com/?ip.41.223.30.20) | host30-20.creolink.com | Hidden Cobra | High
|
||||
155 | [41.224.254.90](https://vuldb.com/?ip.41.224.254.90) | - | Hidden Cobra | High
|
||||
156 | [43.249.216.6](https://vuldb.com/?ip.43.249.216.6) | - | Volgmer | High
|
||||
157 | [45.33.2.79](https://vuldb.com/?ip.45.33.2.79) | li956-79.members.linode.com | AppleJeus | High
|
||||
158 | [45.33.23.183](https://vuldb.com/?ip.45.33.23.183) | li977-183.members.linode.com | AppleJeus | High
|
||||
159 | [45.56.79.23](https://vuldb.com/?ip.45.56.79.23) | li929-23.members.linode.com | AppleJeus | High
|
||||
160 | [45.58.112.77](https://vuldb.com/?ip.45.58.112.77) | - | - | High
|
||||
161 | [45.79.19.196](https://vuldb.com/?ip.45.79.19.196) | li1118-196.members.linode.com | AppleJeus | High
|
||||
162 | [45.118.34.215](https://vuldb.com/?ip.45.118.34.215) | - | Volgmer | High
|
||||
163 | [45.120.61.145](https://vuldb.com/?ip.45.120.61.145) | - | Hidden Cobra | High
|
||||
164 | [45.122.138.130](https://vuldb.com/?ip.45.122.138.130) | - | - | High
|
||||
165 | [45.124.169.36](https://vuldb.com/?ip.45.124.169.36) | - | Volgmer | High
|
||||
166 | [45.128.156.27](https://vuldb.com/?ip.45.128.156.27) | smtp.flatmeadow.com | - | High
|
||||
167 | [45.199.63.220](https://vuldb.com/?ip.45.199.63.220) | - | AppleJeus | High
|
||||
168 | [46.16.62.238](https://vuldb.com/?ip.46.16.62.238) | fnadh-35.srv.cat | TraderTraitor | High
|
||||
169 | [46.19.101.186](https://vuldb.com/?ip.46.19.101.186) | ip-46-19-101-186.gnc.net | Hidden Cobra | High
|
||||
170 | [46.21.147.161](https://vuldb.com/?ip.46.21.147.161) | 46-21-147-161.static.hvvc.us | - | High
|
||||
171 | [46.21.153.87](https://vuldb.com/?ip.46.21.153.87) | 87.153.21.46.static.swiftway.net | - | High
|
||||
172 | [46.52.131.102](https://vuldb.com/?ip.46.52.131.102) | - | Hidden Cobra | High
|
||||
173 | [46.121.242.180](https://vuldb.com/?ip.46.121.242.180) | 46-121-242-180.static.012.net.il | Hidden Cobra | High
|
||||
174 | [46.174.116.60](https://vuldb.com/?ip.46.174.116.60) | - | Hidden Cobra | High
|
||||
175 | [46.174.116.87](https://vuldb.com/?ip.46.174.116.87) | - | Hidden Cobra | High
|
||||
176 | [46.174.116.90](https://vuldb.com/?ip.46.174.116.90) | - | Hidden Cobra | High
|
||||
177 | [46.174.116.99](https://vuldb.com/?ip.46.174.116.99) | - | Hidden Cobra | High
|
||||
178 | [46.174.116.221](https://vuldb.com/?ip.46.174.116.221) | - | Hidden Cobra | High
|
||||
179 | [46.174.116.231](https://vuldb.com/?ip.46.174.116.231) | - | Hidden Cobra | High
|
||||
180 | [46.174.116.234](https://vuldb.com/?ip.46.174.116.234) | - | Hidden Cobra | High
|
||||
181 | [46.174.117.15](https://vuldb.com/?ip.46.174.117.15) | - | Hidden Cobra | High
|
||||
182 | [46.174.117.32](https://vuldb.com/?ip.46.174.117.32) | - | Hidden Cobra | High
|
||||
183 | [46.174.117.36](https://vuldb.com/?ip.46.174.117.36) | - | Hidden Cobra | High
|
||||
184 | [46.174.117.42](https://vuldb.com/?ip.46.174.117.42) | - | Hidden Cobra | High
|
||||
185 | [46.174.117.44](https://vuldb.com/?ip.46.174.117.44) | - | Hidden Cobra | High
|
||||
186 | [46.174.117.50](https://vuldb.com/?ip.46.174.117.50) | - | Hidden Cobra | High
|
||||
187 | [46.174.117.61](https://vuldb.com/?ip.46.174.117.61) | - | Hidden Cobra | High
|
||||
188 | [46.174.117.77](https://vuldb.com/?ip.46.174.117.77) | - | Hidden Cobra | High
|
||||
189 | [46.174.117.80](https://vuldb.com/?ip.46.174.117.80) | - | Hidden Cobra | High
|
||||
190 | [46.174.117.97](https://vuldb.com/?ip.46.174.117.97) | - | Hidden Cobra | High
|
||||
191 | [46.174.117.98](https://vuldb.com/?ip.46.174.117.98) | - | Hidden Cobra | High
|
||||
192 | [46.174.117.103](https://vuldb.com/?ip.46.174.117.103) | - | Hidden Cobra | High
|
||||
193 | [46.174.117.116](https://vuldb.com/?ip.46.174.117.116) | - | Hidden Cobra | High
|
||||
194 | [46.174.117.121](https://vuldb.com/?ip.46.174.117.121) | - | Hidden Cobra | High
|
||||
195 | [46.174.117.129](https://vuldb.com/?ip.46.174.117.129) | - | Hidden Cobra | High
|
||||
196 | [46.174.117.134](https://vuldb.com/?ip.46.174.117.134) | - | Hidden Cobra | High
|
||||
197 | [46.174.117.153](https://vuldb.com/?ip.46.174.117.153) | - | Hidden Cobra | High
|
||||
198 | [46.174.117.164](https://vuldb.com/?ip.46.174.117.164) | - | Hidden Cobra | High
|
||||
199 | [46.183.221.109](https://vuldb.com/?ip.46.183.221.109) | ip-221-109.dataclub.info | - | High
|
||||
200 | [46.218.127.110](https://vuldb.com/?ip.46.218.127.110) | reverse.completel.fr | Hidden Cobra | High
|
||||
201 | [47.206.4.145](https://vuldb.com/?ip.47.206.4.145) | static-47-206-4-145.srst.fl.frontiernet.net | Hoplight | High
|
||||
202 | [49.206.1.61](https://vuldb.com/?ip.49.206.1.61) | 49.206.1.61.actcorp.in | Hidden Cobra | High
|
||||
203 | [49.247.9.177](https://vuldb.com/?ip.49.247.9.177) | - | - | High
|
||||
204 | [50.62.168.157](https://vuldb.com/?ip.50.62.168.157) | p3nwvpweb145.shr.prod.phx3.secureserver.net | Fallchill | High
|
||||
205 | [50.87.144.227](https://vuldb.com/?ip.50.87.144.227) | somethingaboutmarketing.com | - | High
|
||||
206 | [50.192.28.29](https://vuldb.com/?ip.50.192.28.29) | speed-stream.com | Netherlands and Belgium | High
|
||||
207 | [51.38.234.8](https://vuldb.com/?ip.51.38.234.8) | hydra.skok.pl | - | High
|
||||
208 | [51.68.119.230](https://vuldb.com/?ip.51.68.119.230) | ns3145204.ip-51-68-119.eu | - | High
|
||||
209 | [51.79.44.111](https://vuldb.com/?ip.51.79.44.111) | server2.urgentfury.net | - | High
|
||||
210 | [51.235.1.216](https://vuldb.com/?ip.51.235.1.216) | - | Hidden Cobra | High
|
||||
211 | [51.235.13.162](https://vuldb.com/?ip.51.235.13.162) | - | Hidden Cobra | High
|
||||
212 | [51.235.17.133](https://vuldb.com/?ip.51.235.17.133) | - | Hidden Cobra | High
|
||||
213 | [51.235.19.202](https://vuldb.com/?ip.51.235.19.202) | - | Hidden Cobra | High
|
||||
214 | [51.235.33.226](https://vuldb.com/?ip.51.235.33.226) | - | Hidden Cobra | High
|
||||
215 | [51.235.49.202](https://vuldb.com/?ip.51.235.49.202) | - | Hidden Cobra | High
|
||||
216 | [52.79.118.195](https://vuldb.com/?ip.52.79.118.195) | ec2-52-79-118-195.ap-northeast-2.compute.amazonaws.com | Chemical Sector | Medium
|
||||
217 | [52.128.23.153](https://vuldb.com/?ip.52.128.23.153) | - | DTrack | High
|
||||
218 | [52.202.193.124](https://vuldb.com/?ip.52.202.193.124) | ec2-52-202-193-124.compute-1.amazonaws.com | MagicRAT | Medium
|
||||
219 | [54.38.11.132](https://vuldb.com/?ip.54.38.11.132) | ip132.ip-54-38-11.eu | - | High
|
||||
220 | [54.39.64.114](https://vuldb.com/?ip.54.39.64.114) | server2.urgentfury.net | - | High
|
||||
221 | [54.39.204.190](https://vuldb.com/?ip.54.39.204.190) | ip190.ip-54-39-204.net | - | High
|
||||
222 | [54.64.30.175](https://vuldb.com/?ip.54.64.30.175) | vega.mh-tec.co.jp | - | High
|
||||
223 | [54.68.42.4](https://vuldb.com/?ip.54.68.42.4) | ec2-54-68-42-4.us-west-2.compute.amazonaws.com | - | Medium
|
||||
224 | [54.241.91.49](https://vuldb.com/?ip.54.241.91.49) | ec2-54-241-91-49.us-west-1.compute.amazonaws.com | - | Medium
|
||||
225 | [58.82.155.98](https://vuldb.com/?ip.58.82.155.98) | 98.155.82.58.static-corp.jastel.co.th | Volgmer | High
|
||||
226 | ... | ... | ... | ...
|
||||
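Review bot: two rows carried through this renumbering pair an IP address with a hostname that encodes a different address: `5.141.87.156` is listed with `5-141-97-156.static-adsl.isurgut.ru` (old row 62, new row 64) and `14.141.27.100` with `14.141.26.100.static-Mumbai.vsnl.net.in` (old row 73, new row 76). Confirm which value is correct in each row before consumers match on either column. Among the rows this update introduces, `23.50.0.140` is listed with an `akamaitechnologies.com` edge hostname and rated High, while the newly added `amazonaws.com` hosts (`3.39.49.255`, `34.199.186.157`) are rated Medium. Shared CDN and cloud addresses should be rated consistently, and a short note on the risk of collateral blocking would help anyone loading this table into a deny list.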
2 | [1.254.179.18](https://vuldb.com/?ip.1.254.179.18) | - | - | High
|
||||
3 | [2.50.22.137](https://vuldb.com/?ip.2.50.22.137) | - | Hidden Cobra | High
|
||||
4 | [2.50.22.189](https://vuldb.com/?ip.2.50.22.189) | - | Hidden Cobra | High
|
||||
5 | [2.50.25.205](https://vuldb.com/?ip.2.50.25.205) | - | Hidden Cobra | High
|
||||
6 | [2.50.27.239](https://vuldb.com/?ip.2.50.27.239) | - | Hidden Cobra | High
|
||||
7 | [2.50.40.245](https://vuldb.com/?ip.2.50.40.245) | - | Hidden Cobra | High
|
||||
8 | [2.93.86.36](https://vuldb.com/?ip.2.93.86.36) | - | Hidden Cobra | High
|
||||
9 | [2.93.86.38](https://vuldb.com/?ip.2.93.86.38) | - | Hidden Cobra | High
|
||||
10 | [2.93.86.65](https://vuldb.com/?ip.2.93.86.65) | - | Hidden Cobra | High
|
||||
11 | [2.93.86.89](https://vuldb.com/?ip.2.93.86.89) | - | Hidden Cobra | High
|
||||
12 | [2.93.86.106](https://vuldb.com/?ip.2.93.86.106) | - | Hidden Cobra | High
|
||||
13 | [2.93.86.136](https://vuldb.com/?ip.2.93.86.136) | - | Hidden Cobra | High
|
||||
14 | [2.93.86.150](https://vuldb.com/?ip.2.93.86.150) | - | Hidden Cobra | High
|
||||
15 | [2.93.86.194](https://vuldb.com/?ip.2.93.86.194) | - | Hidden Cobra | High
|
||||
16 | [2.93.86.197](https://vuldb.com/?ip.2.93.86.197) | - | Hidden Cobra | High
|
||||
17 | [2.93.86.224](https://vuldb.com/?ip.2.93.86.224) | - | Hidden Cobra | High
|
||||
18 | [2.93.86.226](https://vuldb.com/?ip.2.93.86.226) | - | Hidden Cobra | High
|
||||
19 | [2.93.86.247](https://vuldb.com/?ip.2.93.86.247) | - | Hidden Cobra | High
|
||||
20 | [2.93.86.251](https://vuldb.com/?ip.2.93.86.251) | - | Hidden Cobra | High
|
||||
21 | [2.93.86.253](https://vuldb.com/?ip.2.93.86.253) | - | Hidden Cobra | High
|
||||
22 | [2.93.131.116](https://vuldb.com/?ip.2.93.131.116) | - | Hidden Cobra | High
|
||||
23 | [2.93.131.179](https://vuldb.com/?ip.2.93.131.179) | - | Hidden Cobra | High
|
||||
24 | [2.93.238.2](https://vuldb.com/?ip.2.93.238.2) | - | Hidden Cobra | High
|
||||
25 | [2.93.238.12](https://vuldb.com/?ip.2.93.238.12) | - | Hidden Cobra | High
|
||||
26 | [2.93.238.20](https://vuldb.com/?ip.2.93.238.20) | - | Hidden Cobra | High
|
||||
27 | [2.93.238.26](https://vuldb.com/?ip.2.93.238.26) | - | Hidden Cobra | High
|
||||
28 | [2.93.238.35](https://vuldb.com/?ip.2.93.238.35) | - | Hidden Cobra | High
|
||||
29 | [2.93.238.93](https://vuldb.com/?ip.2.93.238.93) | - | Hidden Cobra | High
|
||||
30 | [2.93.238.146](https://vuldb.com/?ip.2.93.238.146) | - | Hidden Cobra | High
|
||||
31 | [2.93.238.167](https://vuldb.com/?ip.2.93.238.167) | - | Hidden Cobra | High
|
||||
32 | [2.93.238.176](https://vuldb.com/?ip.2.93.238.176) | - | Hidden Cobra | High
|
||||
33 | [2.93.238.183](https://vuldb.com/?ip.2.93.238.183) | - | Hidden Cobra | High
|
||||
34 | [2.93.238.199](https://vuldb.com/?ip.2.93.238.199) | - | Hidden Cobra | High
|
||||
35 | [2.93.238.213](https://vuldb.com/?ip.2.93.238.213) | - | Hidden Cobra | High
|
||||
36 | [2.93.238.215](https://vuldb.com/?ip.2.93.238.215) | - | Hidden Cobra | High
|
||||
37 | [2.93.238.222](https://vuldb.com/?ip.2.93.238.222) | - | Hidden Cobra | High
|
||||
38 | [2.93.238.252](https://vuldb.com/?ip.2.93.238.252) | - | Hidden Cobra | High
|
||||
39 | [2.93.238.253](https://vuldb.com/?ip.2.93.238.253) | - | Hidden Cobra | High
|
||||
40 | [2.93.248.5](https://vuldb.com/?ip.2.93.248.5) | - | Hidden Cobra | High
|
||||
41 | [2.93.248.46](https://vuldb.com/?ip.2.93.248.46) | - | Hidden Cobra | High
|
||||
42 | [2.94.53.139](https://vuldb.com/?ip.2.94.53.139) | - | Hidden Cobra | High
|
||||
43 | [2.94.65.211](https://vuldb.com/?ip.2.94.65.211) | - | Hidden Cobra | High
|
||||
44 | [2.94.65.246](https://vuldb.com/?ip.2.94.65.246) | - | Hidden Cobra | High
|
||||
45 | [2.94.82.42](https://vuldb.com/?ip.2.94.82.42) | - | Hidden Cobra | High
|
||||
46 | [2.94.117.30](https://vuldb.com/?ip.2.94.117.30) | - | Hidden Cobra | High
|
||||
47 | [2.94.117.46](https://vuldb.com/?ip.2.94.117.46) | - | Hidden Cobra | High
|
||||
48 | [2.94.117.47](https://vuldb.com/?ip.2.94.117.47) | - | Hidden Cobra | High
|
||||
49 | [2.94.117.56](https://vuldb.com/?ip.2.94.117.56) | - | Hidden Cobra | High
|
||||
50 | [2.94.209.30](https://vuldb.com/?ip.2.94.209.30) | - | Hidden Cobra | High
|
||||
51 | [2.187.99.180](https://vuldb.com/?ip.2.187.99.180) | - | Hidden Cobra | High
|
||||
52 | [3.39.49.255](https://vuldb.com/?ip.3.39.49.255) | ec2-3-39-49-255.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
53 | [3.239.189.175](https://vuldb.com/?ip.3.239.189.175) | ec2-3-239-189-175.compute-1.amazonaws.com | - | Medium
|
||||
54 | [5.22.137.178](https://vuldb.com/?ip.5.22.137.178) | mail.bpdl.co.uk | Hidden Cobra | High
|
||||
55 | [5.22.140.93](https://vuldb.com/?ip.5.22.140.93) | 5-22-140-93.host.as51043.net | Hidden Cobra | High
|
||||
56 | [5.41.88.137](https://vuldb.com/?ip.5.41.88.137) | - | Hidden Cobra | High
|
||||
57 | [5.41.89.32](https://vuldb.com/?ip.5.41.89.32) | - | Hidden Cobra | High
|
||||
58 | [5.41.94.221](https://vuldb.com/?ip.5.41.94.221) | - | Hidden Cobra | High
|
||||
59 | [5.41.190.7](https://vuldb.com/?ip.5.41.190.7) | - | Hidden Cobra | High
|
||||
60 | [5.41.201.151](https://vuldb.com/?ip.5.41.201.151) | - | Hidden Cobra | High
|
||||
61 | [5.41.237.214](https://vuldb.com/?ip.5.41.237.214) | - | Hidden Cobra | High
|
||||
62 | [5.79.99.169](https://vuldb.com/?ip.5.79.99.169) | nsg037-19.divide.nl | Fallchill | High
|
||||
63 | [5.98.91.76](https://vuldb.com/?ip.5.98.91.76) | host-5-98-91-76.business.telecomitalia.it | Hidden Cobra | High
|
||||
64 | [5.141.87.156](https://vuldb.com/?ip.5.141.87.156) | 5-141-97-156.static-adsl.isurgut.ru | Hidden Cobra | High
|
||||
65 | [5.189.190.67](https://vuldb.com/?ip.5.189.190.67) | m2767.contaboserver.net | Hidden Cobra | High
|
||||
66 | [5.200.154.208](https://vuldb.com/?ip.5.200.154.208) | - | Hidden Cobra | High
|
||||
67 | [5.200.177.218](https://vuldb.com/?ip.5.200.177.218) | - | Hidden Cobra | High
|
||||
68 | [5.200.191.104](https://vuldb.com/?ip.5.200.191.104) | - | Hidden Cobra | High
|
||||
69 | [5.200.198.10](https://vuldb.com/?ip.5.200.198.10) | - | Hidden Cobra | High
|
||||
70 | [5.200.202.99](https://vuldb.com/?ip.5.200.202.99) | - | Hidden Cobra | High
|
||||
71 | [13.88.245.250](https://vuldb.com/?ip.13.88.245.250) | - | - | High
|
||||
72 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
73 | [14.102.46.3](https://vuldb.com/?ip.14.102.46.3) | - | Volgmer | High
|
||||
74 | [14.139.125.214](https://vuldb.com/?ip.14.139.125.214) | - | Volgmer | High
|
||||
75 | [14.140.123.179](https://vuldb.com/?ip.14.140.123.179) | 14.140.123.179.static-pune-vsnl.net.in | Hidden Cobra | High
|
||||
76 | [14.141.27.100](https://vuldb.com/?ip.14.141.27.100) | 14.141.26.100.static-Mumbai.vsnl.net.in | Hidden Cobra | High
|
||||
77 | [14.141.129.116](https://vuldb.com/?ip.14.141.129.116) | 14.141.129.116.static-Delhi.vsnl.net.in | Volgmer | High
|
||||
78 | [14.149.149.211](https://vuldb.com/?ip.14.149.149.211) | - | Hidden Cobra | High
|
||||
79 | [21.252.107.198](https://vuldb.com/?ip.21.252.107.198) | - | Hoplight | High
|
||||
80 | [23.50.0.140](https://vuldb.com/?ip.23.50.0.140) | a23-50-0-140.deploy.static.akamaitechnologies.com | - | High
|
||||
81 | [23.81.246.107](https://vuldb.com/?ip.23.81.246.107) | - | - | High
|
||||
82 | [23.81.246.131](https://vuldb.com/?ip.23.81.246.131) | - | South Korea | High
|
||||
83 | [23.81.246.179](https://vuldb.com/?ip.23.81.246.179) | - | - | High
|
||||
84 | [23.82.141.50](https://vuldb.com/?ip.23.82.141.50) | - | - | High
|
||||
85 | [23.82.141.172](https://vuldb.com/?ip.23.82.141.172) | - | - | High
|
||||
86 | [23.94.37.55](https://vuldb.com/?ip.23.94.37.55) | 23-94-37-55-host.colocrossing.com | - | High
|
||||
87 | [23.94.139.92](https://vuldb.com/?ip.23.94.139.92) | 23-94-139-92-host.colocrossing.com | - | High
|
||||
88 | [23.95.67.143](https://vuldb.com/?ip.23.95.67.143) | 23-95-67-143-host.colocrossing.com | - | High
|
||||
89 | [23.106.160.40](https://vuldb.com/?ip.23.106.160.40) | - | - | High
|
||||
90 | [23.106.223.194](https://vuldb.com/?ip.23.106.223.194) | - | - | High
|
||||
91 | [23.108.57.232](https://vuldb.com/?ip.23.108.57.232) | - | - | High
|
||||
92 | [23.152.0.232](https://vuldb.com/?ip.23.152.0.232) | betrp-basisto.seemband.com | - | High
|
||||
93 | [23.227.196.5](https://vuldb.com/?ip.23.227.196.5) | 23-227-196-5.static.hvvc.us | - | High
|
||||
94 | [23.227.196.116](https://vuldb.com/?ip.23.227.196.116) | 23-227-196-116.static.hvvc.us | - | High
|
||||
95 | [23.227.199.21](https://vuldb.com/?ip.23.227.199.21) | 23-227-199-21.static.hvvc.us | - | High
|
||||
96 | [23.227.199.53](https://vuldb.com/?ip.23.227.199.53) | 23-227-199-53.static.hvvc.us | - | High
|
||||
97 | [23.227.199.69](https://vuldb.com/?ip.23.227.199.69) | 23-227-199-69.static.hvvc.us | - | High
|
||||
98 | [23.229.111.197](https://vuldb.com/?ip.23.229.111.197) | - | - | High
|
||||
99 | [23.254.119.12](https://vuldb.com/?ip.23.254.119.12) | - | - | High
|
||||
100 | [26.165.218.44](https://vuldb.com/?ip.26.165.218.44) | - | Hoplight | High
|
||||
101 | [27.96.110.130](https://vuldb.com/?ip.27.96.110.130) | 130.110.96.27.static.m1net.com.sg | Hidden Cobra | High
|
||||
102 | [27.114.187.37](https://vuldb.com/?ip.27.114.187.37) | - | Volgmer | High
|
||||
103 | [27.123.221.66](https://vuldb.com/?ip.27.123.221.66) | 66-221.fiber.net.id | Fallchill | High
|
||||
104 | [27.125.35.229](https://vuldb.com/?ip.27.125.35.229) | - | Hidden Cobra | High
|
||||
105 | [31.11.32.79](https://vuldb.com/?ip.31.11.32.79) | websn1s069.aruba.it | Netherlands and Belgium | High
|
||||
106 | [31.47.47.130](https://vuldb.com/?ip.31.47.47.130) | - | Hidden Cobra | High
|
||||
107 | [31.54.73.156](https://vuldb.com/?ip.31.54.73.156) | host31-54-73-156.range31-54.btcentralplus.com | Hidden Cobra | High
|
||||
108 | [31.54.74.176](https://vuldb.com/?ip.31.54.74.176) | host31-54-74-176.range31-54.btcentralplus.com | Hidden Cobra | High
|
||||
109 | [31.146.82.22](https://vuldb.com/?ip.31.146.82.22) | 31-146-82-22.dsl.utg.ge | Volgmer | High
|
||||
110 | [31.146.136.6](https://vuldb.com/?ip.31.146.136.6) | 31-146-136-6.dsl.utg.ge | Hidden Cobra | High
|
||||
111 | [31.168.203.44](https://vuldb.com/?ip.31.168.203.44) | bzq-203-168-31-44.red.bezeqint.net | Hidden Cobra | High
|
||||
112 | [31.186.8.221](https://vuldb.com/?ip.31.186.8.221) | - | - | High
|
||||
113 | [34.199.186.157](https://vuldb.com/?ip.34.199.186.157) | ec2-34-199-186-157.compute-1.amazonaws.com | - | Medium
|
||||
114 | [36.71.90.4](https://vuldb.com/?ip.36.71.90.4) | - | Fallchill | High
|
||||
115 | [37.34.240.177](https://vuldb.com/?ip.37.34.240.177) | - | Hidden Cobra | High
|
||||
116 | [37.48.106.69](https://vuldb.com/?ip.37.48.106.69) | high-convey.blockother.com | Hidden Cobra | High
|
||||
117 | [37.71.50.2](https://vuldb.com/?ip.37.71.50.2) | 2.50.71.37.rev.sfr.net | Hidden Cobra | High
|
||||
118 | [37.72.168.228](https://vuldb.com/?ip.37.72.168.228) | 228.168.72.37.static.swiftway.net | - | High
|
||||
119 | [37.72.175.135](https://vuldb.com/?ip.37.72.175.135) | 37-72-175-135.static.hvvc.us | - | High
|
||||
120 | [37.72.175.179](https://vuldb.com/?ip.37.72.175.179) | 37-72-175-179.static.hvvc.us | - | High
|
||||
121 | [37.72.175.196](https://vuldb.com/?ip.37.72.175.196) | 37-72-175-196.static.hvvc.us | - | High
|
||||
122 | [37.75.0.98](https://vuldb.com/?ip.37.75.0.98) | - | Hidden Cobra | High
|
||||
123 | [37.75.2.203](https://vuldb.com/?ip.37.75.2.203) | - | Hidden Cobra | High
|
||||
124 | [37.75.10.194](https://vuldb.com/?ip.37.75.10.194) | mail.kplus.com.tr | Hidden Cobra | High
|
||||
125 | [37.75.11.162](https://vuldb.com/?ip.37.75.11.162) | 37-75-11-162.rdns.saglayici.net | Hidden Cobra | High
|
||||
126 | [37.98.114.90](https://vuldb.com/?ip.37.98.114.90) | 90.mobinnet.net | Volgmer | High
|
||||
127 | [37.104.24.220](https://vuldb.com/?ip.37.104.24.220) | - | Hidden Cobra | High
|
||||
128 | [37.104.50.144](https://vuldb.com/?ip.37.104.50.144) | - | Hidden Cobra | High
|
||||
129 | [37.104.67.33](https://vuldb.com/?ip.37.104.67.33) | - | Hidden Cobra | High
|
||||
130 | [37.105.234.200](https://vuldb.com/?ip.37.105.234.200) | - | Hidden Cobra | High
|
||||
131 | [37.106.115.3](https://vuldb.com/?ip.37.106.115.3) | - | Hidden Cobra | High
|
||||
132 | [37.143.29.10](https://vuldb.com/?ip.37.143.29.10) | - | Hidden Cobra | High
|
||||
133 | [37.148.209.156](https://vuldb.com/?ip.37.148.209.156) | 37-148-209-156.cizgi.net.tr | Hidden Cobra | High
|
||||
134 | [37.216.67.155](https://vuldb.com/?ip.37.216.67.155) | - | Volgmer | High
|
||||
135 | [37.216.213.70](https://vuldb.com/?ip.37.216.213.70) | - | Hidden Cobra | High
|
||||
136 | [37.235.21.166](https://vuldb.com/?ip.37.235.21.166) | - | Volgmer | High
|
||||
137 | [37.238.135.70](https://vuldb.com/?ip.37.238.135.70) | - | - | High
|
||||
138 | [38.132.124.161](https://vuldb.com/?ip.38.132.124.161) | - | TraderTraitor | High
|
||||
139 | [40.121.90.194](https://vuldb.com/?ip.40.121.90.194) | - | - | High
|
||||
140 | [41.57.108.68](https://vuldb.com/?ip.41.57.108.68) | - | Hidden Cobra | High
|
||||
141 | [41.67.136.38](https://vuldb.com/?ip.41.67.136.38) | netcomafrica.com | Hidden Cobra | High
|
||||
142 | [41.67.136.39](https://vuldb.com/?ip.41.67.136.39) | netcomafrica.com | Hidden Cobra | High
|
||||
143 | [41.72.99.5](https://vuldb.com/?ip.41.72.99.5) | - | Hidden Cobra | High
|
||||
144 | [41.72.101.138](https://vuldb.com/?ip.41.72.101.138) | - | Hidden Cobra | High
|
||||
145 | [41.74.166.253](https://vuldb.com/?ip.41.74.166.253) | - | Hidden Cobra | High
|
||||
146 | [41.92.208.194](https://vuldb.com/?ip.41.92.208.194) | - | Fallchill | High
|
||||
147 | [41.92.208.196](https://vuldb.com/?ip.41.92.208.196) | - | Fallchill | High
|
||||
148 | [41.92.208.197](https://vuldb.com/?ip.41.92.208.197) | - | Fallchill | High
|
||||
149 | [41.110.179.197](https://vuldb.com/?ip.41.110.179.197) | - | Hidden Cobra | High
|
||||
150 | [41.128.226.60](https://vuldb.com/?ip.41.128.226.60) | - | Hidden Cobra | High
|
||||
151 | [41.131.49.228](https://vuldb.com/?ip.41.131.49.228) | host-41-131-49-228.static.link.com.eg | Hidden Cobra | High
|
||||
152 | [41.131.164.156](https://vuldb.com/?ip.41.131.164.156) | - | Hidden Cobra | High
|
||||
153 | [41.134.208.234](https://vuldb.com/?ip.41.134.208.234) | 41-134-208-234.dsl.mweb.co.za | Hidden Cobra | High
|
||||
154 | [41.182.252.56](https://vuldb.com/?ip.41.182.252.56) | ADSL-41-182-252-56.ipb.na | Hidden Cobra | High
|
||||
155 | [41.205.139.34](https://vuldb.com/?ip.41.205.139.34) | ADSL-41-205-139-34.ipb.na | Hidden Cobra | High
|
||||
156 | [41.208.106.68](https://vuldb.com/?ip.41.208.106.68) | owa.altaqnya.com.ly | Hidden Cobra | High
|
||||
157 | [41.208.106.70](https://vuldb.com/?ip.41.208.106.70) | dc1.Mail.dsmhlc.ly | Hidden Cobra | High
|
||||
158 | [41.215.250.40](https://vuldb.com/?ip.41.215.250.40) | - | Hidden Cobra | High
|
||||
159 | [41.223.30.20](https://vuldb.com/?ip.41.223.30.20) | host30-20.creolink.com | Hidden Cobra | High
|
||||
160 | [41.224.254.90](https://vuldb.com/?ip.41.224.254.90) | - | Hidden Cobra | High
|
||||
161 | [43.249.216.6](https://vuldb.com/?ip.43.249.216.6) | - | Volgmer | High
|
||||
162 | [45.33.2.79](https://vuldb.com/?ip.45.33.2.79) | li956-79.members.linode.com | AppleJeus | High
|
||||
163 | [45.33.23.183](https://vuldb.com/?ip.45.33.23.183) | li977-183.members.linode.com | AppleJeus | High
|
||||
164 | [45.56.79.23](https://vuldb.com/?ip.45.56.79.23) | li929-23.members.linode.com | AppleJeus | High
|
||||
165 | [45.58.112.77](https://vuldb.com/?ip.45.58.112.77) | - | - | High
|
||||
166 | [45.79.19.196](https://vuldb.com/?ip.45.79.19.196) | li1118-196.members.linode.com | AppleJeus | High
|
||||
167 | [45.118.34.215](https://vuldb.com/?ip.45.118.34.215) | - | Volgmer | High
|
||||
168 | [45.120.61.145](https://vuldb.com/?ip.45.120.61.145) | - | Hidden Cobra | High
|
||||
169 | [45.122.138.130](https://vuldb.com/?ip.45.122.138.130) | - | - | High
|
||||
170 | [45.124.169.36](https://vuldb.com/?ip.45.124.169.36) | - | Volgmer | High
|
||||
171 | [45.128.156.27](https://vuldb.com/?ip.45.128.156.27) | smtp.flatmeadow.com | - | High
|
||||
172 | [45.199.63.220](https://vuldb.com/?ip.45.199.63.220) | - | AppleJeus | High
|
||||
173 | [46.16.62.238](https://vuldb.com/?ip.46.16.62.238) | fnadh-35.srv.cat | TraderTraitor | High
|
||||
174 | [46.19.101.186](https://vuldb.com/?ip.46.19.101.186) | ip-46-19-101-186.gnc.net | Hidden Cobra | High
|
||||
175 | [46.21.147.161](https://vuldb.com/?ip.46.21.147.161) | 46-21-147-161.static.hvvc.us | - | High
|
||||
176 | [46.21.153.87](https://vuldb.com/?ip.46.21.153.87) | 87.153.21.46.static.swiftway.net | - | High
|
||||
177 | [46.52.131.102](https://vuldb.com/?ip.46.52.131.102) | - | Hidden Cobra | High
|
||||
178 | [46.121.242.180](https://vuldb.com/?ip.46.121.242.180) | 46-121-242-180.static.012.net.il | Hidden Cobra | High
|
||||
179 | [46.174.116.60](https://vuldb.com/?ip.46.174.116.60) | - | Hidden Cobra | High
|
||||
180 | [46.174.116.87](https://vuldb.com/?ip.46.174.116.87) | - | Hidden Cobra | High
|
||||
181 | [46.174.116.90](https://vuldb.com/?ip.46.174.116.90) | - | Hidden Cobra | High
|
||||
182 | [46.174.116.99](https://vuldb.com/?ip.46.174.116.99) | - | Hidden Cobra | High
|
||||
183 | [46.174.116.221](https://vuldb.com/?ip.46.174.116.221) | - | Hidden Cobra | High
|
||||
184 | [46.174.116.231](https://vuldb.com/?ip.46.174.116.231) | - | Hidden Cobra | High
|
||||
185 | [46.174.116.234](https://vuldb.com/?ip.46.174.116.234) | - | Hidden Cobra | High
|
||||
186 | [46.174.117.15](https://vuldb.com/?ip.46.174.117.15) | - | Hidden Cobra | High
|
||||
187 | [46.174.117.32](https://vuldb.com/?ip.46.174.117.32) | - | Hidden Cobra | High
|
||||
188 | [46.174.117.36](https://vuldb.com/?ip.46.174.117.36) | - | Hidden Cobra | High
|
||||
189 | [46.174.117.42](https://vuldb.com/?ip.46.174.117.42) | - | Hidden Cobra | High
|
||||
190 | [46.174.117.44](https://vuldb.com/?ip.46.174.117.44) | - | Hidden Cobra | High
|
||||
191 | [46.174.117.50](https://vuldb.com/?ip.46.174.117.50) | - | Hidden Cobra | High
|
||||
192 | [46.174.117.61](https://vuldb.com/?ip.46.174.117.61) | - | Hidden Cobra | High
|
||||
193 | [46.174.117.77](https://vuldb.com/?ip.46.174.117.77) | - | Hidden Cobra | High
|
||||
194 | [46.174.117.80](https://vuldb.com/?ip.46.174.117.80) | - | Hidden Cobra | High
|
||||
195 | [46.174.117.97](https://vuldb.com/?ip.46.174.117.97) | - | Hidden Cobra | High
|
||||
196 | [46.174.117.98](https://vuldb.com/?ip.46.174.117.98) | - | Hidden Cobra | High
|
||||
197 | [46.174.117.103](https://vuldb.com/?ip.46.174.117.103) | - | Hidden Cobra | High
|
||||
198 | [46.174.117.116](https://vuldb.com/?ip.46.174.117.116) | - | Hidden Cobra | High
|
||||
199 | [46.174.117.121](https://vuldb.com/?ip.46.174.117.121) | - | Hidden Cobra | High
|
||||
200 | [46.174.117.129](https://vuldb.com/?ip.46.174.117.129) | - | Hidden Cobra | High
|
||||
201 | [46.174.117.134](https://vuldb.com/?ip.46.174.117.134) | - | Hidden Cobra | High
|
||||
202 | [46.174.117.153](https://vuldb.com/?ip.46.174.117.153) | - | Hidden Cobra | High
|
||||
203 | [46.174.117.164](https://vuldb.com/?ip.46.174.117.164) | - | Hidden Cobra | High
|
||||
204 | [46.183.221.109](https://vuldb.com/?ip.46.183.221.109) | ip-221-109.dataclub.info | - | High
|
||||
205 | [46.218.127.110](https://vuldb.com/?ip.46.218.127.110) | reverse.completel.fr | Hidden Cobra | High
|
||||
206 | [47.206.4.145](https://vuldb.com/?ip.47.206.4.145) | static-47-206-4-145.srst.fl.frontiernet.net | Hoplight | High
|
||||
207 | [49.206.1.61](https://vuldb.com/?ip.49.206.1.61) | 49.206.1.61.actcorp.in | Hidden Cobra | High
|
||||
208 | [49.247.9.177](https://vuldb.com/?ip.49.247.9.177) | - | - | High
|
||||
209 | [50.62.168.157](https://vuldb.com/?ip.50.62.168.157) | p3nwvpweb145.shr.prod.phx3.secureserver.net | Fallchill | High
|
||||
210 | [50.87.144.227](https://vuldb.com/?ip.50.87.144.227) | somethingaboutmarketing.com | - | High
|
||||
211 | [50.192.28.29](https://vuldb.com/?ip.50.192.28.29) | speed-stream.com | Netherlands and Belgium | High
|
||||
212 | [51.38.234.8](https://vuldb.com/?ip.51.38.234.8) | hydra.skok.pl | - | High
|
||||
213 | [51.68.119.230](https://vuldb.com/?ip.51.68.119.230) | ns3145204.ip-51-68-119.eu | - | High
|
||||
214 | [51.79.44.111](https://vuldb.com/?ip.51.79.44.111) | server2.urgentfury.net | - | High
|
||||
215 | [51.235.1.216](https://vuldb.com/?ip.51.235.1.216) | - | Hidden Cobra | High
|
||||
216 | [51.235.13.162](https://vuldb.com/?ip.51.235.13.162) | - | Hidden Cobra | High
|
||||
217 | [51.235.17.133](https://vuldb.com/?ip.51.235.17.133) | - | Hidden Cobra | High
|
||||
218 | [51.235.19.202](https://vuldb.com/?ip.51.235.19.202) | - | Hidden Cobra | High
|
||||
219 | [51.235.33.226](https://vuldb.com/?ip.51.235.33.226) | - | Hidden Cobra | High
|
||||
220 | [51.235.49.202](https://vuldb.com/?ip.51.235.49.202) | - | Hidden Cobra | High
|
||||
221 | [52.79.118.195](https://vuldb.com/?ip.52.79.118.195) | ec2-52-79-118-195.ap-northeast-2.compute.amazonaws.com | Chemical Sector | Medium
|
||||
222 | [52.79.120.37](https://vuldb.com/?ip.52.79.120.37) | ec2-52-79-120-37.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
223 | [52.128.23.153](https://vuldb.com/?ip.52.128.23.153) | - | DTrack | High
|
||||
224 | [52.148.148.114](https://vuldb.com/?ip.52.148.148.114) | - | - | High
|
||||
225 | [52.202.193.124](https://vuldb.com/?ip.52.202.193.124) | ec2-52-202-193-124.compute-1.amazonaws.com | MagicRAT | Medium
|
||||
226 | [54.38.11.132](https://vuldb.com/?ip.54.38.11.132) | ip132.ip-54-38-11.eu | - | High
|
||||
227 | [54.39.64.114](https://vuldb.com/?ip.54.39.64.114) | server2.urgentfury.net | - | High
|
||||
228 | [54.39.204.190](https://vuldb.com/?ip.54.39.204.190) | ip190.ip-54-39-204.net | - | High
|
||||
229 | [54.64.30.175](https://vuldb.com/?ip.54.64.30.175) | vega.mh-tec.co.jp | - | High
|
||||
230 | [54.68.42.4](https://vuldb.com/?ip.54.68.42.4) | ec2-54-68-42-4.us-west-2.compute.amazonaws.com | - | Medium
|
||||
231 | ... | ... | ... | ...
|
||||
|
||||
There are 902 more IOC items available. Please use our online service to access the data.
|
||||
There are 919 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
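Review bot: the Campaign column in the IOC rows mixes two kinds of value. Most rows carry a malware or campaign name (`Hidden Cobra`, `Fallchill`, `AppleJeus`, `Volgmer`), but row 211 reads `Netherlands and Belgium` and row 221 reads `Chemical Sector`, which describe targeting rather than a campaign. Either normalise these to a campaign identifier or split targeting into its own column, so that consumers filtering on Campaign get comparable values.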
@ -269,14 +274,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-37 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80, CWE-87 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
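Review bot: the Description column in the TTP rows does not follow the Weakness column. The T1040 row appears once with `CWE-294` and once with `CWE-319`, both described as `Authentication Bypass by Capture-replay`; that is the name of CWE-294, whereas CWE-319 is cleartext transmission of sensitive information. The T1059 row lists `CWE-88, CWE-94` (argument and code injection) yet is described as `Cross Site Scripting`, the same text as the T1059.007 row. Derive the description from the CWE set that is actually listed, or drop the column.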
@ -285,39 +289,42 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/Admin/add-student.php` | High
|
||||
2 | File | `/admin/blog/blogcategory/add/?_to_field=id&_popup=1` | High
|
||||
3 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
4 | File | `/aya/module/admin/fst_down.inc.php` | High
|
||||
5 | File | `/cgi-bin/R14.2/easy1350.pl` | High
|
||||
6 | File | `/cgi-bin/R14.2/log.pl` | High
|
||||
7 | File | `/ctcprotocol/Protocol` | High
|
||||
8 | File | `/env` | Low
|
||||
9 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
10 | File | `/forum/away.php` | High
|
||||
11 | File | `/goform/fast_setting_wifi_set` | High
|
||||
12 | File | `/goform/setMacFilterCfg` | High
|
||||
13 | File | `/hrm/controller/employee.php` | High
|
||||
14 | File | `/hrm/employeeadd.php` | High
|
||||
15 | File | `/hrm/employeeview.php` | High
|
||||
16 | File | `/ims/login.php` | High
|
||||
17 | File | `/lib` | Low
|
||||
18 | File | `/login/index.php` | High
|
||||
19 | File | `/m3_exec.h` | Medium
|
||||
20 | File | `/menu.html` | Medium
|
||||
21 | File | `/mhds/clinic/view_details.php` | High
|
||||
22 | File | `/nova/bin/detnet` | High
|
||||
23 | File | `/out.php` | Medium
|
||||
24 | File | `/resources//../` | High
|
||||
2 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
3 | File | `/aya/module/admin/fst_down.inc.php` | High
|
||||
4 | File | `/boat/login.php` | High
|
||||
5 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
6 | File | `/cgi-bin/R14.2/easy1350.pl` | High
|
||||
7 | File | `/cgi-bin/R14.2/log.pl` | High
|
||||
8 | File | `/ctcprotocol/Protocol` | High
|
||||
9 | File | `/ebics-server/ebics.aspx` | High
|
||||
10 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/hrm/controller/employee.php` | High
|
||||
13 | File | `/hrm/employeeadd.php` | High
|
||||
14 | File | `/hrm/employeeview.php` | High
|
||||
15 | File | `/ims/login.php` | High
|
||||
16 | File | `/login/index.php` | High
|
||||
17 | File | `/menu.html` | Medium
|
||||
18 | File | `/mhds/clinic/view_details.php` | High
|
||||
19 | File | `/Moosikay/order.php` | High
|
||||
20 | File | `/nova/bin/detnet` | High
|
||||
21 | File | `/out.php` | Medium
|
||||
22 | File | `/php-opos/index.php` | High
|
||||
23 | File | `/resources//../` | High
|
||||
24 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
25 | File | `/sys/dict/queryTableData` | High
|
||||
26 | File | `/uncpath/` | Medium
|
||||
27 | File | `/v1/sql-runner` | High
|
||||
28 | File | `/view-property.php` | High
|
||||
29 | File | `/wp-admin/admin-ajax.php` | High
|
||||
30 | File | `acme_certificate_edit.php` | High
|
||||
31 | File | `action-visitor.php` | High
|
||||
32 | ... | ... | ...
|
||||
26 | File | `/tmp/boa-temp` | High
|
||||
27 | File | `/tourism/rate_review.php` | High
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/view-property.php` | High
|
||||
30 | File | `/wp-admin/admin-ajax.php` | High
|
||||
31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
32 | File | `action-visitor.php` | High
|
||||
33 | File | `action.php` | Medium
|
||||
34 | File | `adclick.php` | Medium
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 297 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
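Review bot: several IOA rows in this table are bare filenames with no product or vulnerability reference, for example `action.php` and `adclick.php` (Medium) and `/out.php` (Medium). A reader cannot tell which application each fragment belongs to, so it cannot be scoped to the affected software when it is turned into a detection rule. Consider adding a column that links each indicator to its VulDB entry or affected product.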
@ -327,6 +334,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://1275.ru/ioc/237/lazarus-apt-iocs-part-2/
|
||||
* https://asec.ahnlab.com/en/33801/
|
||||
* https://asec.ahnlab.com/en/34461/
|
||||
* https://asec.ahnlab.com/ko/48416/
|
||||
* https://blog.talosintelligence.com/2022/09/lazarus-magicrat.html
|
||||
* https://blog.talosintelligence.com/2022/09/lazarus-three-rats.html
|
||||
* https://blogs.jpcert.or.jp/ja/2022/06/yamabot.html
|
||||
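Review bot: in the References list, `https://asec.ahnlab.com/ko/48416/` points at the Korean edition, while the two ASEC entries above it use the `/en/` path. If an English edition of that post exists, link it for consistency with the rest of the list; otherwise note the language next to the URL.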
|
|
|
@ -11,9 +11,6 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -52,7 +49,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
|
@ -67,42 +64,40 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.FBCIndex` | Medium
|
||||
2 | File | `/.ssh/authorized_keys` | High
|
||||
3 | File | `/blogengine/api/posts` | High
|
||||
4 | File | `/bsms_ci/index.php` | High
|
||||
5 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
6 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
|
||||
7 | File | `/cgi-bin/api-get_line_status` | High
|
||||
8 | File | `/cgi-bin/luci` | High
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/.ssh/authorized_keys` | High
|
||||
4 | File | `/as/authorization.oauth2` | High
|
||||
5 | File | `/blogengine/api/posts` | High
|
||||
6 | File | `/cgi-bin/api-get_line_status` | High
|
||||
7 | File | `/cgi-bin/luci` | High
|
||||
8 | File | `/cgi-bin/luci/api/auth` | High
|
||||
9 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
10 | File | `/cgi-bin/upload_vpntar` | High
|
||||
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
12 | File | `/cgi/trustclustermaster.cgi` | High
|
||||
13 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
14 | File | `/export` | Low
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/goform/SetPptpServerCfg` | High
|
||||
17 | File | `/h/calendar` | Medium
|
||||
18 | File | `/hrm/controller/employee.php` | High
|
||||
19 | File | `/js/app.js` | Medium
|
||||
20 | File | `/login/index.php` | High
|
||||
21 | File | `/mkshope/login.php` | High
|
||||
22 | File | `/obs/book.php` | High
|
||||
23 | File | `/out.php` | Medium
|
||||
14 | File | `/debug/pprof` | Medium
|
||||
15 | File | `/export` | Low
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/goform/SetPptpServerCfg` | High
|
||||
18 | File | `/h/calendar` | Medium
|
||||
19 | File | `/hrm/controller/employee.php` | High
|
||||
20 | File | `/js/app.js` | Medium
|
||||
21 | File | `/login/index.php` | High
|
||||
22 | File | `/mkshope/login.php` | High
|
||||
23 | File | `/obs/book.php` | High
|
||||
24 | File | `/products/view_product.php` | High
|
||||
25 | File | `/public/launchNewWindow.jsp` | High
|
||||
26 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
|
||||
27 | File | `/self.key` | Medium
|
||||
28 | File | `/services/view_service.php` | High
|
||||
29 | File | `/shell` | Low
|
||||
30 | File | `/spip.php` | Medium
|
||||
31 | File | `/uncpath/` | Medium
|
||||
32 | File | `/userRpm/popupSiteSurveyRpm.html` | High
|
||||
33 | File | `/usr/bin/pkexec` | High
|
||||
34 | File | `/usr/bin/tddp` | High
|
||||
35 | ... | ... | ...
|
||||
26 | File | `/public/login.htm` | High
|
||||
27 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
|
||||
28 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
29 | File | `/self.key` | Medium
|
||||
30 | File | `/services/view_service.php` | High
|
||||
31 | File | `/shell` | Low
|
||||
32 | File | `/spip.php` | Medium
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 281 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
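Review bot: the row `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` is listed as a High-confidence indicator of attack, but that is the file name of the SQL injection rule set in the OWASP Core Rule Set, so it is present on hosts that run the WAF as a defence. Used as a file indicator it will match protected systems rather than attacker activity. The same applies to `/usr/bin/pkexec` (High), which is a standard binary. These rows need a note saying they name the vulnerable component, not an artefact left by the actor.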
|
|
|
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
@ -94,8 +94,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -154,7 +153,7 @@ ID | Type | Indicator | Confidence
|
|||
47 | File | `application/libraries/LanguageTask.php` | High
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 420 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 418 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,9 +8,9 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Magecart:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
@ -67,47 +67,49 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/action/import_aaa_cert_file/` | High
|
||||
2 | File | `/action/import_wireguard_cert_file/` | High
|
||||
3 | File | `/admin/?page=user/manage_user` | High
|
||||
4 | File | `/admin/admin.php` | High
|
||||
5 | File | `/admin/edit_members.php` | High
|
||||
6 | File | `/admin/submit-articles` | High
|
||||
7 | File | `/admin/users/index.php` | High
|
||||
8 | File | `/asms/admin/services/manage_service.php` | High
|
||||
9 | File | `/attachments` | Medium
|
||||
10 | File | `/aux` | Low
|
||||
11 | File | `/balance/service/list` | High
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/dev/zero` | Medium
|
||||
14 | File | `/etc/hosts` | Medium
|
||||
15 | File | `/etc/os-release` | High
|
||||
16 | File | `/event/admin/?page=user/list` | High
|
||||
17 | File | `/goform/addUserName` | High
|
||||
18 | File | `/goform/form2WizardStep4` | High
|
||||
3 | File | `/admin/admin.php` | High
|
||||
4 | File | `/admin/edit_members.php` | High
|
||||
5 | File | `/admin/submit-articles` | High
|
||||
6 | File | `/admin/users/index.php` | High
|
||||
7 | File | `/attachments` | Medium
|
||||
8 | File | `/aux` | Low
|
||||
9 | File | `/bsms_ci/index.php/book` | High
|
||||
10 | File | `/debug/pprof` | Medium
|
||||
11 | File | `/dev/zero` | Medium
|
||||
12 | File | `/etc/hosts` | Medium
|
||||
13 | File | `/etc/os-release` | High
|
||||
14 | File | `/event/admin/?page=user/list` | High
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/goform/addUserName` | High
|
||||
17 | File | `/goform/form2WizardStep4` | High
|
||||
18 | File | `/goform/formSetEmail` | High
|
||||
19 | File | `/goform/SetIpMacBind` | High
|
||||
20 | File | `/goform/WanParameterSetting` | High
|
||||
21 | File | `/goform/WifiBasicSet` | High
|
||||
22 | File | `/hprms/admin/rooms/view_room.php` | High
|
||||
23 | File | `/hrm/controller/employee.php` | High
|
||||
24 | File | `/hrm/controller/login.php` | High
|
||||
25 | File | `/hss/?page=categories` | High
|
||||
26 | File | `/inc/parser/xhtml.php` | High
|
||||
27 | File | `/index/user/upload_img.html` | High
|
||||
28 | File | `/js/player/dmplayer/dmku/index.php` | High
|
||||
29 | File | `/languages/index.php` | High
|
||||
30 | File | `/linkedcontent/listfiles.php` | High
|
||||
31 | File | `/mgm_dev_upgrade.asp` | High
|
||||
32 | File | `/mgm_log_cfg.asp` | High
|
||||
33 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
34 | File | `/odlms/?page=appointments/view_appointment` | High
|
||||
35 | File | `/proxy` | Low
|
||||
36 | File | `/RestAPI` | Medium
|
||||
37 | File | `/routing.asp` | Medium
|
||||
38 | File | `/services/getFile.cmd` | High
|
||||
39 | File | `/services/view_service.php` | High
|
||||
40 | File | `/spip.php` | Medium
|
||||
41 | ... | ... | ...
|
||||
20 | File | `/goform/WifiBasicSet` | High
|
||||
21 | File | `/hprms/admin/rooms/view_room.php` | High
|
||||
22 | File | `/hrm/controller/employee.php` | High
|
||||
23 | File | `/hrm/controller/login.php` | High
|
||||
24 | File | `/hss/?page=categories` | High
|
||||
25 | File | `/inc/parser/xhtml.php` | High
|
||||
26 | File | `/index/user/upload_img.html` | High
|
||||
27 | File | `/js/player/dmplayer/dmku/index.php` | High
|
||||
28 | File | `/linkedcontent/listfiles.php` | High
|
||||
29 | File | `/medicines/profile.php` | High
|
||||
30 | File | `/mgm_dev_upgrade.asp` | High
|
||||
31 | File | `/mgm_log_cfg.asp` | High
|
||||
32 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
33 | File | `/odlms/?page=appointments/view_appointment` | High
|
||||
34 | File | `/proxy` | Low
|
||||
35 | File | `/routing.asp` | Medium
|
||||
36 | File | `/services/getFile.cmd` | High
|
||||
37 | File | `/services/view_service.php` | High
|
||||
38 | File | `/spip.php` | Medium
|
||||
39 | File | `/statistics/retrieve` | High
|
||||
40 | File | `/tmp` | Low
|
||||
41 | File | `/tmp/kamailio_ctl` | High
|
||||
42 | File | `/var/log/messages` | High
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 349 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 370 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
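Review bot: the Confidence values in this IOA table appear to track the length of the string rather than how specific it is. `/aux`, `/proxy` and `/tmp` are Low, `/etc/hosts` and `/dev/zero` are Medium, and `/etc/os-release` and `/var/log/messages` are High, although all of them are ordinary system paths found on any Linux host. Document how Confidence is computed, and consider capping paths that exist on a default installation at Low.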
|
|
|
@ -93,7 +93,7 @@ ID | Type | Indicator | Confidence
|
|||
30 | File | `api_poller.php` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 263 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 264 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -21,10 +21,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [DK](https://vuldb.com/?country.dk)
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -59,7 +59,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-35 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
|
@ -73,50 +73,53 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$HOME/.printers` | High
|
||||
2 | File | `/admin/admin.php` | High
|
||||
3 | File | `/backup.pl` | Medium
|
||||
4 | File | `/bin/httpd` | Medium
|
||||
5 | File | `/CPE` | Low
|
||||
6 | File | `/dev/tty` | Medium
|
||||
7 | File | `/ecshop/admin/template.php` | High
|
||||
8 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
9 | File | `/forum/PostPrivateMessage` | High
|
||||
10 | File | `/home/cavesConsole` | High
|
||||
11 | File | `/home/kickPlayer` | High
|
||||
12 | File | `/home/masterConsole` | High
|
||||
13 | File | `/home/sendBroadcast` | High
|
||||
14 | File | `/login/index.php` | High
|
||||
15 | File | `/oews/classes/Master.php?f=update_cart` | High
|
||||
16 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
|
||||
17 | File | `/param.file.tgz` | High
|
||||
18 | File | `/ptippage.cgi` | High
|
||||
19 | File | `/ptipupgrade.cgi` | High
|
||||
20 | File | `/royal_event/userregister.php` | High
|
||||
21 | File | `/setnetworksettings/IPAddress` | High
|
||||
22 | File | `/SetNetworkSettings/SubnetMask` | High
|
||||
23 | File | `/u/username.json` | High
|
||||
24 | File | `/user/s.php` | Medium
|
||||
25 | File | `/user/updatePwd` | High
|
||||
26 | File | `/wireless/basic.asp` | High
|
||||
27 | File | `/wireless/guestnetwork.asp` | High
|
||||
28 | File | `01article.php` | High
|
||||
29 | File | `action.php` | Medium
|
||||
30 | File | `add-locker-form.php` | High
|
||||
31 | File | `admin/abc.php` | High
|
||||
32 | File | `admin/add_payment.php` | High
|
||||
33 | File | `admin/adminlogin.php` | High
|
||||
34 | File | `admin/approve_user.php` | High
|
||||
35 | File | `admin/disapprove_user.php` | High
|
||||
36 | File | `admin/expense_report.php` | High
|
||||
37 | File | `admin/forget_password.php` | High
|
||||
38 | File | `admin/make_payments.php` | High
|
||||
39 | File | `admin/manage_user.php` | High
|
||||
40 | File | `admin/page-login.php` | High
|
||||
41 | File | `admin/practice_pdf.php` | High
|
||||
42 | ... | ... | ...
|
||||
1 | File | `$GIT_DIR/objects` | High
|
||||
2 | File | `$HOME/.printers` | High
|
||||
3 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/admin.php/update/getFile.html` | High
|
||||
5 | File | `/admin/?page=user/manage` | High
|
||||
6 | File | `/admin/add-new.php` | High
|
||||
7 | File | `/admin/admin.php` | High
|
||||
8 | File | `/admin/doctors.php` | High
|
||||
9 | File | `/admin/edit-doc.php` | High
|
||||
10 | File | `/admin/index3.php` | High
|
||||
11 | File | `/admin/patient.php` | High
|
||||
12 | File | `/adms/admin/?page=user/manage_user` | High
|
||||
13 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
14 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
15 | File | `/adms/classes/Users.php` | High
|
||||
16 | File | `/APR/signup.php` | High
|
||||
17 | File | `/backup.pl` | Medium
|
||||
18 | File | `/bin/httpd` | Medium
|
||||
19 | File | `/boat/login.php` | High
|
||||
20 | File | `/cgi-bin/mainfunction.cgi` | High
|
||||
21 | File | `/CPE` | Low
|
||||
22 | File | `/data/config.ftp.php` | High
|
||||
23 | File | `/ecshop/admin/template.php` | High
|
||||
24 | File | `/editor/index.php` | High
|
||||
25 | File | `/edoc/doctor/patient.php` | High
|
||||
26 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/forum/PostPrivateMessage` | High
|
||||
29 | File | `/home/cavesConsole` | High
|
||||
30 | File | `/home/kickPlayer` | High
|
||||
31 | File | `/home/masterConsole` | High
|
||||
32 | File | `/home/sendBroadcast` | High
|
||||
33 | File | `/oews/classes/Master.php?f=update_cart` | High
|
||||
34 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
|
||||
35 | File | `/param.file.tgz` | High
|
||||
36 | File | `/pet_shop/admin/orders/update_status.php` | High
|
||||
37 | File | `/php-opos/index.php` | High
|
||||
38 | File | `/ptippage.cgi` | High
|
||||
39 | File | `/ptipupgrade.cgi` | High
|
||||
40 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
41 | File | `/royal_event/userregister.php` | High
|
||||
42 | File | `/setnetworksettings/IPAddress` | High
|
||||
43 | File | `/SetNetworkSettings/SubnetMask` | High
|
||||
44 | File | `/tourism/rate_review.php` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 363 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 389 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -82,25 +82,26 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `/api/v1/attack` | High
|
||||
8 | File | `/cgi-bin/portal` | High
|
||||
9 | File | `/Config/service/initModel?` | High
|
||||
10 | File | `/etc/shadow` | Medium
|
||||
11 | File | `/export` | Low
|
||||
12 | File | `/goform/NTPSyncWithHost` | High
|
||||
13 | File | `/goform/SetVirtualServerCfg` | High
|
||||
14 | File | `/HNAP1/SetAccessPointMode` | High
|
||||
15 | File | `/home/<user>/SecurityOnion/setup/so-setup` | High
|
||||
16 | File | `/home/www/cgi-bin/diagnostics.cgi` | High
|
||||
17 | File | `/htmlcode/html/indexdefault.asp` | High
|
||||
18 | File | `/include/helpers/upload.helper.php` | High
|
||||
19 | File | `/interface/main/backup.php` | High
|
||||
20 | File | `/local/domain/$DOMID` | High
|
||||
21 | File | `/mkshop/Men/profile.php` | High
|
||||
22 | File | `/MTFWU` | Low
|
||||
23 | File | `/mygym/admin/index.php` | High
|
||||
24 | File | `/opt/Citrix/ICAClient/util/ctxwebhelper` | High
|
||||
25 | File | `/patient/settings.php` | High
|
||||
26 | ... | ... | ...
|
||||
10 | File | `/data/config.ftp.php` | High
|
||||
11 | File | `/etc/shadow` | Medium
|
||||
12 | File | `/export` | Low
|
||||
13 | File | `/goform/NTPSyncWithHost` | High
|
||||
14 | File | `/goform/SetVirtualServerCfg` | High
|
||||
15 | File | `/HNAP1/SetAccessPointMode` | High
|
||||
16 | File | `/home/<user>/SecurityOnion/setup/so-setup` | High
|
||||
17 | File | `/home/www/cgi-bin/diagnostics.cgi` | High
|
||||
18 | File | `/htmlcode/html/indexdefault.asp` | High
|
||||
19 | File | `/include/helpers/upload.helper.php` | High
|
||||
20 | File | `/interface/main/backup.php` | High
|
||||
21 | File | `/local/domain/$DOMID` | High
|
||||
22 | File | `/mkshop/Men/profile.php` | High
|
||||
23 | File | `/MTFWU` | Low
|
||||
24 | File | `/mygym/admin/index.php` | High
|
||||
25 | File | `/opt/Citrix/ICAClient/util/ctxwebhelper` | High
|
||||
26 | File | `/patient/settings.php` | High
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 220 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 224 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -58,8 +58,8 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/anony/mjpg.cgi` | High
|
||||
7 | File | `/api/2.0/rest/aggregator/xml` | High
|
||||
8 | File | `/api/blade-log/api/list` | High
|
||||
9 | File | `/Config/SaveUploadedHotspotLogoFile` | High
|
||||
10 | File | `/core/vendor/meenie/javascript-packer/example-inline.php` | High
|
||||
9 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
10 | File | `/Config/SaveUploadedHotspotLogoFile` | High
|
||||
11 | File | `/dashboard/snapshot/*?orgId=0` | High
|
||||
12 | File | `/ecrire` | Low
|
||||
13 | File | `/exponent_constants.php` | High
|
||||
|
@ -72,34 +72,34 @@ ID | Type | Indicator | Confidence
|
|||
20 | File | `/include/notify.inc.php` | High
|
||||
21 | File | `/mfaslmf/nolicense` | High
|
||||
22 | File | `/mhds/clinic/view_details.php` | High
|
||||
23 | File | `/proc` | Low
|
||||
24 | File | `/products/details.asp` | High
|
||||
25 | File | `/public/plugins/` | High
|
||||
26 | File | `/RestAPI` | Medium
|
||||
27 | File | `/school/model/get_teacher.php` | High
|
||||
28 | File | `/tmp` | Low
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | File | `/user/loader.php?api=1` | High
|
||||
31 | File | `/User/saveUser` | High
|
||||
32 | File | `/viewer/krpano.html` | High
|
||||
33 | File | `/ViewUserHover.jspa` | High
|
||||
34 | File | `/WEB-INF/web.xml` | High
|
||||
35 | File | `/wp-admin/admin-ajax.php` | High
|
||||
36 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
37 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
38 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
39 | File | `abc-pcie.c` | Medium
|
||||
40 | File | `accountmanagement.php` | High
|
||||
41 | File | `activateuser.aspx` | High
|
||||
42 | File | `adclick.php` | Medium
|
||||
43 | File | `addentry.php` | Medium
|
||||
44 | File | `adherents/subscription/info.php` | High
|
||||
45 | File | `admin.joomlaflashfun.php` | High
|
||||
46 | File | `admin.php` | Medium
|
||||
47 | File | `admin/addons/archive/archive.php` | High
|
||||
23 | File | `/MicroStrategyWS/happyaxis.jsp` | High
|
||||
24 | File | `/owa/auth/logon.aspx` | High
|
||||
25 | File | `/proc` | Low
|
||||
26 | File | `/products/details.asp` | High
|
||||
27 | File | `/public/plugins/` | High
|
||||
28 | File | `/RestAPI` | Medium
|
||||
29 | File | `/school/model/get_teacher.php` | High
|
||||
30 | File | `/tmp` | Low
|
||||
31 | File | `/uncpath/` | Medium
|
||||
32 | File | `/user/loader.php?api=1` | High
|
||||
33 | File | `/User/saveUser` | High
|
||||
34 | File | `/viewer/krpano.html` | High
|
||||
35 | File | `/ViewUserHover.jspa` | High
|
||||
36 | File | `/WEB-INF/web.xml` | High
|
||||
37 | File | `/wp-admin/admin-ajax.php` | High
|
||||
38 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
39 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
40 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
41 | File | `abc-pcie.c` | Medium
|
||||
42 | File | `accountmanagement.php` | High
|
||||
43 | File | `activateuser.aspx` | High
|
||||
44 | File | `adclick.php` | Medium
|
||||
45 | File | `addentry.php` | Medium
|
||||
46 | File | `admin.joomlaflashfun.php` | High
|
||||
47 | File | `admin.php` | Medium
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 418 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 421 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -52,7 +52,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `data/gbconfiguration.dat` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 11 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 12 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -75,7 +75,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
6 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 23 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -136,7 +136,7 @@ ID | Type | Indicator | Confidence
|
|||
51 | File | `/php_action/createOrder.php` | High
|
||||
52 | ... | ... | ...
|
||||
|
||||
There are 450 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 455 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,44 @@
|
|||
# OxtaRAT - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [OxtaRAT](https://vuldb.com/?actor.oxtarat). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.oxtarat](https://vuldb.com/?actor.oxtarat)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with OxtaRAT:
|
||||
|
||||
* Silent Watch
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of OxtaRAT.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [38.242.197.156](https://vuldb.com/?ip.38.242.197.156) | vmi1181849.contaboserver.net | Silent Watch | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _OxtaRAT_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://research.checkpoint.com/2023/operation-silent-watch-desktop-surveillance-in-azerbaijan-and-armenia/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
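Review bot: the new OxtaRAT file's TTP table has a single row, `1 | T1059.007 | CWE-79 | Cross Site Scripting | High`, and nothing else in the file supports it. The one external reference is titled as desktop surveillance, and the intro text says TTP data comes from the predictive model. Suggest lowering the confidence or marking the row as predicted rather than observed. Also, the References entry is a bare URL while the Literature entries use markdown links, and the file has no countries or IOA section, unlike the sibling actor files touched by this commit. If those sections are intentionally empty, a short note in the file would help consumers that parse these pages.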
@ -74,7 +74,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -83,68 +83,68 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `.htaccess` | Medium
|
||||
3 | File | `/Admin/add-student.php` | High
|
||||
4 | File | `/admin/api/admin/articles/` | High
|
||||
5 | File | `/admin/conferences/list/` | High
|
||||
6 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
7 | File | `/admin/generalsettings.php` | High
|
||||
8 | File | `/Admin/login.php` | High
|
||||
9 | File | `/admin/payment.php` | High
|
||||
10 | File | `/admin/reports.php` | High
|
||||
11 | File | `/admin/showbad.php` | High
|
||||
12 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
13 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
14 | File | `/apilog.php` | Medium
|
||||
15 | File | `/bin/httpd` | Medium
|
||||
16 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
17 | File | `/connectors/index.php` | High
|
||||
18 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
19 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
20 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
23 | File | `/fos/admin/index.php?page=menu` | High
|
||||
24 | File | `/home/masterConsole` | High
|
||||
25 | File | `/home/sendBroadcast` | High
|
||||
26 | File | `/hrm/employeeadd.php` | High
|
||||
27 | File | `/hrm/employeeview.php` | High
|
||||
28 | File | `/index.php` | Medium
|
||||
29 | File | `/Items/*/RemoteImages/Download` | High
|
||||
30 | File | `/items/view_item.php` | High
|
||||
31 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
32 | File | `/lookin/info` | Medium
|
||||
33 | File | `/MagickCore/image.c` | High
|
||||
34 | File | `/manager/index.php` | High
|
||||
35 | File | `/medical/inventories.php` | High
|
||||
36 | File | `/modules/profile/index.php` | High
|
||||
37 | File | `/modules/projects/vw_files.php` | High
|
||||
38 | File | `/modules/public/calendar.php` | High
|
||||
39 | File | `/newsDia.php` | Medium
|
||||
40 | File | `/out.php` | Medium
|
||||
41 | File | `/proxy` | Low
|
||||
42 | File | `/public/launchNewWindow.jsp` | High
|
||||
43 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
44 | File | `/reports/rwservlet` | High
|
||||
45 | File | `/sacco_shield/manage_user.php` | High
|
||||
46 | File | `/spip.php` | Medium
|
||||
47 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
48 | File | `/staff/bookdetails.php` | High
|
||||
49 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||
50 | File | `/uncpath/` | Medium
|
||||
51 | File | `/user/update_booking.php` | High
|
||||
52 | File | `/WEB-INF/web.xml` | High
|
||||
53 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
54 | File | `/wireless/security.asp` | High
|
||||
55 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
56 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
57 | File | `01article.php` | High
|
||||
58 | File | `AbstractScheduleJob.java` | High
|
||||
59 | File | `actionphp/download.File.php` | High
|
||||
60 | File | `AdClass.php` | Medium
|
||||
2 | File | `/Admin/add-student.php` | High
|
||||
3 | File | `/admin/api/admin/articles/` | High
|
||||
4 | File | `/admin/conferences/list/` | High
|
||||
5 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
6 | File | `/admin/generalsettings.php` | High
|
||||
7 | File | `/Admin/login.php` | High
|
||||
8 | File | `/admin/payment.php` | High
|
||||
9 | File | `/admin/reports.php` | High
|
||||
10 | File | `/admin/showbad.php` | High
|
||||
11 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
12 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
13 | File | `/apilog.php` | Medium
|
||||
14 | File | `/bin/httpd` | Medium
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
16 | File | `/connectors/index.php` | High
|
||||
17 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
18 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
19 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
22 | File | `/fos/admin/index.php?page=menu` | High
|
||||
23 | File | `/home/masterConsole` | High
|
||||
24 | File | `/home/sendBroadcast` | High
|
||||
25 | File | `/hrm/employeeadd.php` | High
|
||||
26 | File | `/hrm/employeeview.php` | High
|
||||
27 | File | `/index.php` | Medium
|
||||
28 | File | `/Items/*/RemoteImages/Download` | High
|
||||
29 | File | `/items/view_item.php` | High
|
||||
30 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
31 | File | `/lookin/info` | Medium
|
||||
32 | File | `/manager/index.php` | High
|
||||
33 | File | `/medical/inventories.php` | High
|
||||
34 | File | `/modules/profile/index.php` | High
|
||||
35 | File | `/modules/projects/vw_files.php` | High
|
||||
36 | File | `/modules/public/calendar.php` | High
|
||||
37 | File | `/newsDia.php` | Medium
|
||||
38 | File | `/out.php` | Medium
|
||||
39 | File | `/php-opos/index.php` | High
|
||||
40 | File | `/proxy` | Low
|
||||
41 | File | `/public/launchNewWindow.jsp` | High
|
||||
42 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
43 | File | `/reports/rwservlet` | High
|
||||
44 | File | `/sacco_shield/manage_user.php` | High
|
||||
45 | File | `/spip.php` | Medium
|
||||
46 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
47 | File | `/staff/bookdetails.php` | High
|
||||
48 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||
49 | File | `/uncpath/` | Medium
|
||||
50 | File | `/user/update_booking.php` | High
|
||||
51 | File | `/WEB-INF/web.xml` | High
|
||||
52 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
53 | File | `/wireless/security.asp` | High
|
||||
54 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
55 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
56 | File | `01article.php` | High
|
||||
57 | File | `AbstractScheduleJob.java` | High
|
||||
58 | File | `actionphp/download.File.php` | High
|
||||
59 | File | `AdClass.php` | Medium
|
||||
60 | File | `adclick.php` | Medium
|
||||
61 | ... | ... | ...
|
||||
|
||||
There are 534 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 537 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
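Review bot: the row `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` is typed `File`, but it combines a path, an argument name (`dbsel`) and an encoded input value. The footer of this same table lists "argument" and "input value" as separate IOA types, so this entry would be cleaner split into a File row for `/sqlitemanager/main.php` plus Argument and Input Value rows. The same applies to `/fos/admin/ajax.php?action=login` and the `/adms/admin/?page=...` rows. As written, a consumer matching on request path alone will never hit these strings, and one matching on the full URL is tied to a single payload encoding.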
@ -107,7 +107,7 @@ ID | Type | Indicator | Confidence
|
|||
45 | File | `addmerchpicform.php` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 399 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 397 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [SC](https://vuldb.com/?country.sc)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
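Review bot: the generated footer reads "There are 1 more country items available", which is ungrammatical for a count of one. Since this line is produced by the template for every actor file, the generator should handle the singular case ("There is 1 more country item available") instead of being fixed by hand here.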
@ -50,10 +50,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
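Review bot: row 4 pairs `T1059` with `CWE-94` but carries the description "Cross Site Scripting", the same label as row 5 (`T1059.007`, `CWE-79`). CWE-94 is code injection, not XSS, so the two rows are indistinguishable by description and row 4 is mislabelled. Suggest deriving the Description column from the listed CWE rather than reusing the XSS label. It would also help to say in the commit message why `CWE-80` was dropped from row 5 here while other files in this commit keep `CWE-79, CWE-80`.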
@ -62,32 +62,34 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMDATA%\Razer\Synapse3\Service\bin` | High
|
||||
2 | File | `.authlie` | Medium
|
||||
3 | File | `/admin_area/login_transfer.php` | High
|
||||
4 | File | `/apply.cgi` | Medium
|
||||
5 | File | `/bsms_ci/index.php/book` | High
|
||||
6 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
7 | File | `/etc/shadow` | Medium
|
||||
8 | File | `/forum/away.php` | High
|
||||
9 | File | `/forums.php?action=post` | High
|
||||
10 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
11 | File | `/index.php` | Medium
|
||||
12 | File | `/index/user/user_edit.html` | High
|
||||
13 | File | `/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml` | High
|
||||
14 | File | `/login/index.php` | High
|
||||
15 | File | `/rest/api/2/user/picker` | High
|
||||
16 | File | `/rrdp` | Low
|
||||
17 | File | `/SetNetworkSettings/SubnetMask` | High
|
||||
18 | File | `/setNTP.cgi` | Medium
|
||||
19 | File | `/tpts/manage_user.php` | High
|
||||
20 | File | `/u/username.json` | High
|
||||
21 | File | `/uncpath/` | Medium
|
||||
22 | File | `/user/s.php` | Medium
|
||||
23 | File | `/usr/etc/restore0.9` | High
|
||||
24 | File | `acl.c` | Low
|
||||
25 | ... | ... | ...
|
||||
2 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
3 | File | `/admin/index3.php` | High
|
||||
4 | File | `/admin_area/login_transfer.php` | High
|
||||
5 | File | `/adms/admin/?page=user/manage_user` | High
|
||||
6 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
7 | File | `/apply.cgi` | Medium
|
||||
8 | File | `/bsms_ci/index.php/book` | High
|
||||
9 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
10 | File | `/etc/shadow` | Medium
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/forums.php?action=post` | High
|
||||
13 | File | `/goform/formDefault` | High
|
||||
14 | File | `/goform/formSysCmd` | High
|
||||
15 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
16 | File | `/index.php` | Medium
|
||||
17 | File | `/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml` | High
|
||||
18 | File | `/login/index.php` | High
|
||||
19 | File | `/Moosikay/order.php` | High
|
||||
20 | File | `/SetNetworkSettings/SubnetMask` | High
|
||||
21 | File | `/setNTP.cgi` | Medium
|
||||
22 | File | `/tpts/manage_user.php` | High
|
||||
23 | File | `/u/username.json` | High
|
||||
24 | File | `/user/s.php` | Medium
|
||||
25 | File | `/usr/etc/restore0.9` | High
|
||||
26 | File | `acl.c` | Low
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 208 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 224 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -105,11 +105,9 @@ ID | Type | Indicator | Confidence
|
|||
43 | File | `/uncpath/` | Medium
|
||||
44 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
45 | File | `/usr/syno/etc/mount.conf` | High
|
||||
46 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
47 | File | `/WEB-INF/web.xml` | High
|
||||
48 | ... | ... | ...
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 413 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 403 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -64,14 +64,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -92,9 +92,9 @@ ID | Type | Indicator | Confidence
|
|||
11 | File | `/include/chart_generator.php` | High
|
||||
12 | File | `/mhds/clinic/view_details.php` | High
|
||||
13 | File | `/out.php` | Medium
|
||||
14 | File | `/rest/api/latest/projectvalidate/key` | High
|
||||
15 | File | `/rest/collectors/1.0/template/custom` | High
|
||||
16 | File | `/RestAPI` | Medium
|
||||
14 | File | `/php-opos/index.php` | High
|
||||
15 | File | `/rest/api/latest/projectvalidate/key` | High
|
||||
16 | File | `/rest/collectors/1.0/template/custom` | High
|
||||
17 | File | `/search.php` | Medium
|
||||
18 | File | `/ServletAPI/accounts/login` | High
|
||||
19 | File | `/uncpath/` | Medium
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -2633,13 +2633,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-37, CWE-425 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
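Review bot: in the second set of rows, the descriptions no longer match the weakness lists. Row 2 (`T1040`) lists only `CWE-319`, which is cleartext transmission of sensitive information, yet keeps the description "Authentication Bypass by Capture-replay", which is the name of CWE-294. Row 1 lists `CWE-425` (direct request / forced browsing) under "Pathname Traversal". Either restore the CWE that the description names or regenerate the description from the CWEs actually listed. Anyone mapping these rows to detections by CWE will otherwise get the wrong control.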
@ -2647,38 +2647,37 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.dbus-keyrings` | High
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
3 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
4 | File | `/bin/httpd` | Medium
|
||||
5 | File | `/bin/sh` | Low
|
||||
6 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
7 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
8 | File | `/data/wps.setup.json` | High
|
||||
9 | File | `/debug/pprof` | Medium
|
||||
10 | File | `/forum/away.php` | High
|
||||
11 | File | `/home/masterConsole` | High
|
||||
12 | File | `/home/sendBroadcast` | High
|
||||
13 | File | `/net-banking/send_funds.php` | High
|
||||
14 | File | `/officescan/console/html/cgi/fcgiOfcDDA.exe` | High
|
||||
15 | File | `/out.php` | Medium
|
||||
16 | File | `/php_action/createUser.php` | High
|
||||
17 | File | `/public/login.htm` | High
|
||||
18 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
19 | File | `/spip.php` | Medium
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/usr/sbin/suexec` | High
|
||||
22 | File | `/wireless/security.asp` | High
|
||||
23 | File | `/wp-admin/admin-ajax.php` | High
|
||||
24 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
25 | File | `action.php` | Medium
|
||||
26 | File | `adclick.php` | Medium
|
||||
27 | File | `admin/expense_report.php` | High
|
||||
28 | File | `admin/index.php` | High
|
||||
29 | File | `admin/manage_user.php` | High
|
||||
30 | ... | ... | ...
|
||||
4 | File | `/as/authorization.oauth2` | High
|
||||
5 | File | `/bin/httpd` | Medium
|
||||
6 | File | `/bin/sh` | Low
|
||||
7 | File | `/boat/login.php` | High
|
||||
8 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
9 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
10 | File | `/cimom` | Low
|
||||
11 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/ecshop/admin/template.php` | High
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/forum/PostPrivateMessage` | High
|
||||
16 | File | `/Moosikay/order.php` | High
|
||||
17 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
18 | File | `/out.php` | Medium
|
||||
19 | File | `/php-opos/index.php` | High
|
||||
20 | File | `/public/login.htm` | High
|
||||
21 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
22 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
23 | File | `/tmp/boa-temp` | High
|
||||
24 | File | `/tourism/rate_review.php` | High
|
||||
25 | File | `/uncpath/` | Medium
|
||||
26 | File | `/usr/sbin/suexec` | High
|
||||
27 | File | `/wp-admin/admin-ajax.php` | High
|
||||
28 | File | `/wp-admin/options.php` | High
|
||||
29 | ... | ... | ...
|
||||
|
||||
There are 255 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 248 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
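Review bot: row 11, `/context/%2e/WEB-INF/web.xml`, is a percent-encoded form of a path through `/WEB-INF/web.xml`, which other files in this commit list in plain form. The table gives no indication of whether indicators are stored raw or normalized. Please document that in the section intro, or store the decoded path with the encoded variant noted alongside it, so consumers know to normalize request paths before matching. Separately, the Low-confidence rows `/.env`, `/bin/sh` and `/cimom` are generic enough that it would help to state what "Low" means for matching purposes.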
@ -84,7 +84,7 @@ ID | Type | Indicator | Confidence
|
|||
21 | File | `admin.asp` | Medium
|
||||
22 | ... | ... | ...
|
||||
|
||||
There are 178 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 179 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -76,7 +76,7 @@ ID | Type | Indicator | Confidence
|
|||
23 | File | `admin_feature.php` | High
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 198 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 199 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [LA](https://vuldb.com/?country.la)
|
||||
* ...
|
||||
|
||||
There are 19 more country items available. Please use our online service to access the data.
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -140,16 +140,16 @@ ID | Type | Indicator | Confidence
|
|||
37 | File | `/plain` | Low
|
||||
38 | File | `/public` | Low
|
||||
39 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
40 | File | `/sgms/TreeControl` | High
|
||||
41 | File | `/spip.php` | Medium
|
||||
42 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
43 | File | `/tmp` | Low
|
||||
44 | File | `/uncpath/` | Medium
|
||||
45 | File | `/updown/upload.cgi` | High
|
||||
46 | File | `/var/log/nginx` | High
|
||||
40 | File | `/spip.php` | Medium
|
||||
41 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
42 | File | `/tmp` | Low
|
||||
43 | File | `/uncpath/` | Medium
|
||||
44 | File | `/updown/upload.cgi` | High
|
||||
45 | File | `/webman/info.cgi` | High
|
||||
46 | File | `/zm/index.php` | High
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 409 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 405 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -52,10 +52,9 @@ ID | Technique | Weakness | Description | Confidence
|
|||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -63,57 +62,56 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe` | High
|
||||
2 | File | `.kss.pid` | Medium
|
||||
3 | File | `.qpopper-options` | High
|
||||
4 | File | `/api/v1/containers` | High
|
||||
5 | File | `/apply_noauth.cgi` | High
|
||||
6 | File | `/apps/` | Low
|
||||
7 | File | `/backupsettings.conf` | High
|
||||
8 | File | `/bin/sh` | Low
|
||||
9 | File | `/cgi-bin/ExportLogs.sh` | High
|
||||
10 | File | `/debug/pprof` | Medium
|
||||
11 | File | `/etc/passwd` | Medium
|
||||
12 | File | `/include/Model/Upload.php` | High
|
||||
13 | File | `/modules/snf/index.php` | High
|
||||
14 | File | `/Online%20Course%20Registration/my-profile.php` | High
|
||||
15 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
16 | File | `/param.file.tgz` | High
|
||||
17 | File | `/product/savenewproduct.php?flag=1` | High
|
||||
18 | File | `/rrdp` | Low
|
||||
19 | File | `/subtitles.php` | High
|
||||
20 | File | `/tmp` | Low
|
||||
21 | File | `/var/avamar/f_cache.dat` | High
|
||||
22 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
23 | File | `26.html` | Low
|
||||
24 | File | `add_postit.php` | High
|
||||
25 | File | `admin.php` | Medium
|
||||
26 | File | `admin/shophelp.php` | High
|
||||
27 | File | `admin/wp-security-blacklist-menu.php` | High
|
||||
28 | File | `administration.jsp` | High
|
||||
29 | File | `adminquery.php` | High
|
||||
30 | File | `ajaxRequest/methodCall.do` | High
|
||||
31 | File | `Alias.asmx` | Medium
|
||||
32 | File | `ansfaq.asp` | Medium
|
||||
33 | File | `APKINDEX.tar.gz` | High
|
||||
34 | File | `app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb` | High
|
||||
35 | File | `appconfig.ini` | High
|
||||
36 | File | `appGet.cgi` | Medium
|
||||
37 | File | `application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue` | High
|
||||
38 | File | `authpam.c` | Medium
|
||||
39 | File | `autocms.php` | Medium
|
||||
40 | File | `avahi-core/socket.c` | High
|
||||
41 | File | `AvailableApps.php` | High
|
||||
42 | File | `banner.php` | Medium
|
||||
43 | File | `boundary_rules.jsp` | High
|
||||
44 | File | `calendar.php` | Medium
|
||||
45 | File | `calendar_scheduler.php` | High
|
||||
46 | File | `cal_config.inc.php` | High
|
||||
47 | File | `channels/chan_sip.c` | High
|
||||
48 | File | `chrome-devtools-frontend.appspot.com` | High
|
||||
49 | ... | ... | ...
|
||||
1 | File | `.kss.pid` | Medium
|
||||
2 | File | `.qpopper-options` | High
|
||||
3 | File | `/apply_noauth.cgi` | High
|
||||
4 | File | `/auth/fn.php` | Medium
|
||||
5 | File | `/bin/sh` | Low
|
||||
6 | File | `/cgi-bin/ExportLogs.sh` | High
|
||||
7 | File | `/debug/pprof` | Medium
|
||||
8 | File | `/etc/passwd` | Medium
|
||||
9 | File | `/include/Model/Upload.php` | High
|
||||
10 | File | `/modules/snf/index.php` | High
|
||||
11 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
12 | File | `/param.file.tgz` | High
|
||||
13 | File | `/product/savenewproduct.php?flag=1` | High
|
||||
14 | File | `/rrdp` | Low
|
||||
15 | File | `/subtitles.php` | High
|
||||
16 | File | `/tmp` | Low
|
||||
17 | File | `/var/avamar/f_cache.dat` | High
|
||||
18 | File | `/views/directive/sys/SysConfigDataDirective.java` | High
|
||||
19 | File | `26.html` | Low
|
||||
20 | File | `add_postit.php` | High
|
||||
21 | File | `admin.php` | Medium
|
||||
22 | File | `admin/shophelp.php` | High
|
||||
23 | File | `admin/wp-security-blacklist-menu.php` | High
|
||||
24 | File | `administration.jsp` | High
|
||||
25 | File | `adminquery.php` | High
|
||||
26 | File | `ajaxRequest/methodCall.do` | High
|
||||
27 | File | `ansfaq.asp` | Medium
|
||||
28 | File | `APKINDEX.tar.gz` | High
|
||||
29 | File | `app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb` | High
|
||||
30 | File | `appconfig.ini` | High
|
||||
31 | File | `appGet.cgi` | Medium
|
||||
32 | File | `application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue` | High
|
||||
33 | File | `AtlTraceTool8.exe` | High
|
||||
34 | File | `authpam.c` | Medium
|
||||
35 | File | `autocms.php` | Medium
|
||||
36 | File | `avahi-core/socket.c` | High
|
||||
37 | File | `banner.php` | Medium
|
||||
38 | File | `boundary_rules.jsp` | High
|
||||
39 | File | `calendar.php` | Medium
|
||||
40 | File | `calendar_scheduler.php` | High
|
||||
41 | File | `cal_config.inc.php` | High
|
||||
42 | File | `channels/chan_sip.c` | High
|
||||
43 | File | `chrome-devtools-frontend.appspot.com` | High
|
||||
44 | File | `claro_init_global.inc.php` | High
|
||||
45 | File | `class/class.php` | High
|
||||
46 | File | `cloud.php` | Medium
|
||||
47 | File | `cls_fast_template.php` | High
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 424 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 417 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
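Review bot: The Type column labels every row in this IOA table as "File", but `chrome-devtools-frontend.appspot.com` is a hostname and `/orrs/admin/?page=user/manage_user` and `/product/savenewproduct.php?flag=1` are request paths with query strings. Consumers that map Type to a detection source (file system versus web or proxy logs) will mis-route these rows, so either split the type (for example host, URL path, file) or document that "File" covers all three. The same applies to the Low and Medium generic entries such as `/bin/sh`, `/tmp` and `/etc/passwd`, which need a stated matching context to be usable.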
@ -0,0 +1,77 @@
|
|||
# Saint Kitts and Nevis Unknown - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Saint Kitts and Nevis Unknown](https://vuldb.com/?actor.saint_kitts_and_nevis_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.saint_kitts_and_nevis_unknown](https://vuldb.com/?actor.saint_kitts_and_nevis_unknown)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Saint Kitts and Nevis Unknown:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Saint Kitts and Nevis Unknown.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [23.131.208.0](https://vuldb.com/?ip.23.131.208.0) | - | - | High
|
||||
2 | [45.42.252.0](https://vuldb.com/?ip.45.42.252.0) | - | - | High
|
||||
3 | [45.88.187.0](https://vuldb.com/?ip.45.88.187.0) | - | - | High
|
||||
4 | [57.74.108.0](https://vuldb.com/?ip.57.74.108.0) | - | - | High
|
||||
5 | [57.91.128.0](https://vuldb.com/?ip.57.91.128.0) | - | - | High
|
||||
6 | [69.57.238.0](https://vuldb.com/?ip.69.57.238.0) | - | - | High
|
||||
7 | [69.57.253.0](https://vuldb.com/?ip.69.57.253.0) | - | - | High
|
||||
8 | [69.57.254.0](https://vuldb.com/?ip.69.57.254.0) | - | - | High
|
||||
9 | ... | ... | ... | ...
|
||||
|
||||
There are 30 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Saint Kitts and Nevis Unknown_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Saint Kitts and Nevis Unknown. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/index.php` | Medium
|
||||
3 | File | `/pms/index.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 25 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/ip2location_country/ip2location_country_kn.netset
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
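Review bot: In the IOC table of this new file, all eight visible entries end in `.0`, have no hostname, and are rated High, while the only source under References is the `ip2location_country_kn.netset` country list. That reads as network base addresses taken from a geolocation netset rather than individual hosts, so the "IP address" column should carry the prefix length (or be renamed to a network column), and the High confidence should be justified or lowered, since the file cites no source for observed activity from these ranges. Separately, the TTP row `T1059 | CWE-94` is described as "Cross Site Scripting", the same text as the `T1059.007 | CWE-79` row; the description should match the weakness listed.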
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Silence:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
|
@ -95,17 +95,17 @@ ID | Type | Indicator | Confidence
|
|||
22 | File | `/h/calendar` | Medium
|
||||
23 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
24 | File | `/index/jobfairol/show/` | High
|
||||
25 | File | `/librarian/bookdetails.php` | High
|
||||
26 | File | `/manage-apartment.php` | High
|
||||
27 | File | `/medicines/profile.php` | High
|
||||
28 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
29 | File | `/nova/bin/detnet` | High
|
||||
30 | File | `/out.php` | Medium
|
||||
31 | File | `/pages/apply_vacancy.php` | High
|
||||
32 | File | `/proc/<PID>/mem` | High
|
||||
25 | File | `/manage-apartment.php` | High
|
||||
26 | File | `/medicines/profile.php` | High
|
||||
27 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
28 | File | `/nova/bin/detnet` | High
|
||||
29 | File | `/out.php` | Medium
|
||||
30 | File | `/pages/apply_vacancy.php` | High
|
||||
31 | File | `/proc/<PID>/mem` | High
|
||||
32 | File | `/proxy` | Low
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 283 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 285 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -117,7 +117,7 @@ ID | Type | Indicator | Confidence
|
|||
48 | File | `adm/systools.asp` | High
|
||||
49 | ... | ... | ...
|
||||
|
||||
There are 428 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 430 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,8 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Snatch:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
|
@ -41,7 +41,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -82,10 +82,11 @@ ID | Type | Indicator | Confidence
|
|||
31 | File | `admin.php3` | Medium
|
||||
32 | File | `admin/abc.php` | High
|
||||
33 | File | `admin/add_payment.php` | High
|
||||
34 | File | `admin/disapprove_user.php` | High
|
||||
35 | ... | ... | ...
|
||||
34 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
35 | File | `admin/disapprove_user.php` | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 300 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 311 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
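Review bot: The row `admin/admin.php?action=users&mode=info&user=2` is typed "File" and rated High, but it is a full request string that includes a specific parameter value (`user=2`). A literal match will miss the same request with any other user id or parameter order, so it would help to record the path and the relevant parameter name separately, or to note in the table intro that indicators are examples to be generalized rather than exact match strings.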
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
|
@ -56,29 +56,34 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/etc/gsissh/sshd_config` | High
|
||||
6 | File | `/forms/nslookupHandler` | High
|
||||
7 | File | `/forum/away.php` | High
|
||||
8 | File | `/include/chart_generator.php` | High
|
||||
9 | File | `/index.php` | Medium
|
||||
10 | File | `/log_download.cgi` | High
|
||||
11 | File | `/mgmt/tm/util/bash` | High
|
||||
12 | File | `/news.dtl.php` | High
|
||||
13 | File | `/p1/p2/:name` | Medium
|
||||
14 | File | `/proc/<PID>/mem` | High
|
||||
15 | File | `/ptms/?page=user` | High
|
||||
16 | File | `/setup/finish` | High
|
||||
17 | File | `/spip.php` | Medium
|
||||
18 | File | `/template/edit` | High
|
||||
19 | File | `/uncpath/` | Medium
|
||||
20 | File | `/upload/file.php` | High
|
||||
21 | File | `/usr/bin/pkexec` | High
|
||||
22 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
23 | File | `/wolfcms/?/admin/user/add` | High
|
||||
24 | File | `/wp-admin` | Medium
|
||||
25 | File | `/wp-admin/admin-ajax.php` | High
|
||||
26 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
27 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
28 | ... | ... | ...
|
||||
8 | File | `/forum/PostPrivateMessage` | High
|
||||
9 | File | `/home/cavesConsole` | High
|
||||
10 | File | `/include/chart_generator.php` | High
|
||||
11 | File | `/index.php` | Medium
|
||||
12 | File | `/login/index.php` | High
|
||||
13 | File | `/log_download.cgi` | High
|
||||
14 | File | `/mgmt/tm/util/bash` | High
|
||||
15 | File | `/news.dtl.php` | High
|
||||
16 | File | `/out.php` | Medium
|
||||
17 | File | `/p1/p2/:name` | Medium
|
||||
18 | File | `/param.file.tgz` | High
|
||||
19 | File | `/proc/<PID>/mem` | High
|
||||
20 | File | `/ptms/?page=user` | High
|
||||
21 | File | `/setup/finish` | High
|
||||
22 | File | `/spip.php` | Medium
|
||||
23 | File | `/template/edit` | High
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/upload/file.php` | High
|
||||
26 | File | `/user/s.php` | Medium
|
||||
27 | File | `/usr/bin/pkexec` | High
|
||||
28 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
29 | File | `/wolfcms/?/admin/user/add` | High
|
||||
30 | File | `/wp-admin` | Medium
|
||||
31 | File | `/wp-admin/admin-ajax.php` | High
|
||||
32 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
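Review bot: Several indicators in this table are templates rather than literal paths: `/proc/<PID>/mem` carries a `<PID>` placeholder and `/p1/p2/:name` a route parameter, yet the table gives no matching semantics and rates the first one High. Anyone loading these rows into a log search or a path-based rule as exact strings will get no hits, so the README should state how placeholders are meant to be expanded (wildcard, regex, or documentation only). The generic rows `/index.php`, `/login/index.php` and `/wp-admin` need the same guidance, since on their own they match ordinary traffic.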
@ -81,7 +81,7 @@ ID | Type | Indicator | Confidence
|
|||
16 | File | `classified.php` | High
|
||||
17 | ... | ... | ...
|
||||
|
||||
There are 137 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 140 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -118,7 +118,7 @@ ID | Type | Indicator | Confidence
|
|||
47 | File | `auction.cgi` | Medium
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 416 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 414 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -39,7 +39,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
8 | [5.189.167.220](https://vuldb.com/?ip.5.189.167.220) | - | - | High
|
||||
9 | ... | ... | ... | ...
|
||||
|
||||
There are 31 more IOC items available. Please use our online service to access the data.
|
||||
There are 32 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -74,33 +74,32 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/export` | Low
|
||||
10 | File | `/forgetpassword.php` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/fudforum/index.php` | High
|
||||
13 | File | `/goform/setVLAN` | High
|
||||
14 | File | `/goform/WifiBasicSet` | High
|
||||
15 | File | `/horde/util/go.php` | High
|
||||
16 | File | `/hss/?page=view_product` | High
|
||||
17 | File | `/index.php/ccm/system/file/upload` | High
|
||||
18 | File | `/isms/admin/stocks/view_stock.php` | High
|
||||
19 | File | `/lab.html` | Medium
|
||||
20 | File | `/list/<path:folderpath>` | High
|
||||
21 | File | `/out.php` | Medium
|
||||
22 | File | `/products/details.asp` | High
|
||||
23 | File | `/RestAPI` | Medium
|
||||
24 | File | `/sm/api/v1/firewall/zone/services` | High
|
||||
25 | File | `/spacecom/login.php` | High
|
||||
26 | File | `/strings/ctype-simple.c` | High
|
||||
27 | File | `/sys/dict/queryTableData` | High
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/user/dls_download.php` | High
|
||||
30 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
31 | File | `/v1/sql-runner` | High
|
||||
32 | File | `/web/IndexController.java` | High
|
||||
33 | File | `acknowledge.c` | High
|
||||
34 | File | `actions/CompanyDetailsSave.php` | High
|
||||
35 | File | `adclick.php` | Medium
|
||||
12 | File | `/fos/admin/ajax.php` | High
|
||||
13 | File | `/fudforum/index.php` | High
|
||||
14 | File | `/goform/setVLAN` | High
|
||||
15 | File | `/goform/WifiBasicSet` | High
|
||||
16 | File | `/horde/util/go.php` | High
|
||||
17 | File | `/hss/?page=view_product` | High
|
||||
18 | File | `/index.php/ccm/system/file/upload` | High
|
||||
19 | File | `/isms/admin/stocks/view_stock.php` | High
|
||||
20 | File | `/lab.html` | Medium
|
||||
21 | File | `/list/<path:folderpath>` | High
|
||||
22 | File | `/out.php` | Medium
|
||||
23 | File | `/products/details.asp` | High
|
||||
24 | File | `/RestAPI` | Medium
|
||||
25 | File | `/sm/api/v1/firewall/zone/services` | High
|
||||
26 | File | `/spacecom/login.php` | High
|
||||
27 | File | `/strings/ctype-simple.c` | High
|
||||
28 | File | `/sys/dict/queryTableData` | High
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | File | `/user/dls_download.php` | High
|
||||
31 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
32 | File | `/v1/sql-runner` | High
|
||||
33 | File | `/web/IndexController.java` | High
|
||||
34 | File | `acknowledge.c` | High
|
||||
35 | File | `actions/CompanyDetailsSave.php` | High
|
||||
36 | File | `add_comment.php` | High
|
||||
37 | File | `admin.php` | Medium
|
||||
38 | ... | ... | ...
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
|
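Review bot: Rows such as `/strings/ctype-simple.c`, `acknowledge.c` and `/web/IndexController.java` are source-code file names, listed as "File" indicators at High confidence next to request paths like `/goform/setVLAN` and `/v1/sql-runner`. A source file name identifies where a flaw lives in a code base and is not something that shows up in host or network telemetry, so these rows should either get their own type or be marked as not directly observable. `/list/<path:folderpath>` is likewise a route template and should be flagged as a pattern rather than a literal path.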
@ -112,6 +111,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html
|
||||
* https://github.com/Cisco-Talos/IOCs/blob/main/2022/07/transparent-tribe-targets-education.txt
|
||||
* https://lab52.io/blog/new-transparentribe-operation-targeting-india-with-weaponized-covid-19-lure-documents/
|
||||
* https://mp.weixin.qq.com/s/xU7b3m-L2OlAi2bU7nBj0A
|
||||
* https://www.threatminer.org/report.php?q=APTGroupSendsSpearPhishingEmailstoIndianGovernmentOfficials%C2%ABThreatResearchBlog_FireEyeInc.pdf&y=2016
|
||||
* https://www.threatminer.org/report.php?q=MalwareActorsUsingNICCyberSecurityThemedSpearPhishingtoTargetIndianGovernmentOrganizations-Cysinfo.pdf&y=2016
|
||||
* https://www.threatminer.org/report.php?q=proofpoint-operation-transparent-tribe-threat-insight-en.pdf&y=2016
|
||||
|
|
|
@ -65,165 +65,166 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
36 | [8.253.140.118](https://vuldb.com/?ip.8.253.140.118) | - | - | High
|
||||
37 | [8.253.141.249](https://vuldb.com/?ip.8.253.141.249) | - | - | High
|
||||
38 | [8.253.154.236](https://vuldb.com/?ip.8.253.154.236) | - | - | High
|
||||
39 | [14.241.244.60](https://vuldb.com/?ip.14.241.244.60) | - | - | High
|
||||
40 | [18.213.79.189](https://vuldb.com/?ip.18.213.79.189) | ec2-18-213-79-189.compute-1.amazonaws.com | - | Medium
|
||||
41 | [18.233.90.151](https://vuldb.com/?ip.18.233.90.151) | ec2-18-233-90-151.compute-1.amazonaws.com | - | Medium
|
||||
42 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
|
||||
43 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
44 | [23.3.125.111](https://vuldb.com/?ip.23.3.125.111) | a23-3-125-111.deploy.static.akamaitechnologies.com | - | High
|
||||
45 | [23.19.31.135](https://vuldb.com/?ip.23.19.31.135) | - | - | High
|
||||
46 | [23.19.227.147](https://vuldb.com/?ip.23.19.227.147) | - | - | High
|
||||
47 | [23.20.220.174](https://vuldb.com/?ip.23.20.220.174) | ec2-23-20-220-174.compute-1.amazonaws.com | - | Medium
|
||||
48 | [23.21.27.29](https://vuldb.com/?ip.23.21.27.29) | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
|
||||
49 | [23.21.48.44](https://vuldb.com/?ip.23.21.48.44) | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
|
||||
50 | [23.21.121.219](https://vuldb.com/?ip.23.21.121.219) | ec2-23-21-121-219.compute-1.amazonaws.com | - | Medium
|
||||
51 | [23.21.252.4](https://vuldb.com/?ip.23.21.252.4) | ec2-23-21-252-4.compute-1.amazonaws.com | - | Medium
|
||||
52 | [23.23.83.153](https://vuldb.com/?ip.23.23.83.153) | ec2-23-23-83-153.compute-1.amazonaws.com | - | Medium
|
||||
53 | [23.23.243.154](https://vuldb.com/?ip.23.23.243.154) | ec2-23-23-243-154.compute-1.amazonaws.com | - | Medium
|
||||
54 | [23.46.150.43](https://vuldb.com/?ip.23.46.150.43) | a23-46-150-43.deploy.static.akamaitechnologies.com | - | High
|
||||
55 | [23.46.150.58](https://vuldb.com/?ip.23.46.150.58) | a23-46-150-58.deploy.static.akamaitechnologies.com | - | High
|
||||
56 | [23.46.150.81](https://vuldb.com/?ip.23.46.150.81) | a23-46-150-81.deploy.static.akamaitechnologies.com | - | High
|
||||
57 | [23.62.6.161](https://vuldb.com/?ip.23.62.6.161) | a23-62-6-161.deploy.static.akamaitechnologies.com | - | High
|
||||
58 | [23.62.6.170](https://vuldb.com/?ip.23.62.6.170) | a23-62-6-170.deploy.static.akamaitechnologies.com | - | High
|
||||
59 | [23.94.233.210](https://vuldb.com/?ip.23.94.233.210) | 23-94-233-210-host.colocrossing.com | - | High
|
||||
60 | [23.95.97.59](https://vuldb.com/?ip.23.95.97.59) | 23-95-97-59-host.colocrossing.com | - | High
|
||||
61 | [23.95.231.187](https://vuldb.com/?ip.23.95.231.187) | 23-95-231-187-host.colocrossing.com | - | High
|
||||
62 | [23.96.30.229](https://vuldb.com/?ip.23.96.30.229) | - | - | High
|
||||
63 | [23.160.192.125](https://vuldb.com/?ip.23.160.192.125) | unknown.ip-xfer.net | - | High
|
||||
64 | [23.160.193.106](https://vuldb.com/?ip.23.160.193.106) | unknown.ip-xfer.net | - | High
|
||||
65 | [23.202.231.166](https://vuldb.com/?ip.23.202.231.166) | a23-202-231-166.deploy.static.akamaitechnologies.com | - | High
|
||||
66 | [23.217.138.107](https://vuldb.com/?ip.23.217.138.107) | a23-217-138-107.deploy.static.akamaitechnologies.com | - | High
|
||||
67 | [24.162.214.166](https://vuldb.com/?ip.24.162.214.166) | cpe-24-162-214-166.elp.res.rr.com | - | High
|
||||
68 | [27.72.107.215](https://vuldb.com/?ip.27.72.107.215) | dynamic-adsl.viettel.vn | - | High
|
||||
69 | [27.147.173.227](https://vuldb.com/?ip.27.147.173.227) | 173.227.cetus.link3.net | - | High
|
||||
70 | [30.10.121.157](https://vuldb.com/?ip.30.10.121.157) | - | - | High
|
||||
71 | [31.131.21.184](https://vuldb.com/?ip.31.131.21.184) | - | - | High
|
||||
72 | [31.131.26.122](https://vuldb.com/?ip.31.131.26.122) | - | - | High
|
||||
73 | [31.134.60.181](https://vuldb.com/?ip.31.134.60.181) | 31-134-60-181.telico.pl | - | High
|
||||
74 | [31.134.124.90](https://vuldb.com/?ip.31.134.124.90) | - | - | High
|
||||
75 | [31.172.177.90](https://vuldb.com/?ip.31.172.177.90) | poczta.mp-lift.pl | - | High
|
||||
76 | [31.184.253.6](https://vuldb.com/?ip.31.184.253.6) | - | - | High
|
||||
77 | [31.184.253.37](https://vuldb.com/?ip.31.184.253.37) | models9.vixgrafica.de | - | High
|
||||
78 | [31.202.132.22](https://vuldb.com/?ip.31.202.132.22) | - | - | High
|
||||
79 | [31.211.85.110](https://vuldb.com/?ip.31.211.85.110) | - | - | High
|
||||
80 | [31.214.138.207](https://vuldb.com/?ip.31.214.138.207) | f0a4213918138.rev.snt.net.pl | - | High
|
||||
81 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
|
||||
82 | [34.160.111.145](https://vuldb.com/?ip.34.160.111.145) | 145.111.160.34.bc.googleusercontent.com | - | Medium
|
||||
83 | [34.192.250.175](https://vuldb.com/?ip.34.192.250.175) | ec2-34-192-250-175.compute-1.amazonaws.com | - | Medium
|
||||
84 | [34.196.181.158](https://vuldb.com/?ip.34.196.181.158) | ec2-34-196-181-158.compute-1.amazonaws.com | - | Medium
|
||||
85 | [34.198.132.204](https://vuldb.com/?ip.34.198.132.204) | ec2-34-198-132-204.compute-1.amazonaws.com | - | Medium
|
||||
86 | [34.233.102.38](https://vuldb.com/?ip.34.233.102.38) | ec2-34-233-102-38.compute-1.amazonaws.com | - | Medium
|
||||
87 | [36.37.176.6](https://vuldb.com/?ip.36.37.176.6) | - | - | High
|
||||
88 | [36.66.115.180](https://vuldb.com/?ip.36.66.115.180) | - | - | High
|
||||
89 | [36.66.188.251](https://vuldb.com/?ip.36.66.188.251) | - | - | High
|
||||
90 | [36.89.85.103](https://vuldb.com/?ip.36.89.85.103) | - | - | High
|
||||
91 | [36.89.106.69](https://vuldb.com/?ip.36.89.106.69) | - | - | High
|
||||
92 | [36.89.191.119](https://vuldb.com/?ip.36.89.191.119) | - | - | High
|
||||
93 | [36.89.193.181](https://vuldb.com/?ip.36.89.193.181) | - | - | High
|
||||
94 | [36.89.193.235](https://vuldb.com/?ip.36.89.193.235) | - | - | High
|
||||
95 | [36.89.228.201](https://vuldb.com/?ip.36.89.228.201) | - | - | High
|
||||
96 | [36.89.243.241](https://vuldb.com/?ip.36.89.243.241) | - | - | High
|
||||
97 | [36.91.45.10](https://vuldb.com/?ip.36.91.45.10) | - | - | High
|
||||
98 | [36.91.87.227](https://vuldb.com/?ip.36.91.87.227) | - | - | High
|
||||
99 | [36.91.88.164](https://vuldb.com/?ip.36.91.88.164) | - | - | High
|
||||
100 | [36.91.117.231](https://vuldb.com/?ip.36.91.117.231) | - | - | High
|
||||
101 | [36.91.186.235](https://vuldb.com/?ip.36.91.186.235) | - | - | High
|
||||
102 | [36.94.27.124](https://vuldb.com/?ip.36.94.27.124) | - | - | High
|
||||
103 | [36.94.33.102](https://vuldb.com/?ip.36.94.33.102) | - | - | High
|
||||
104 | [36.94.100.202](https://vuldb.com/?ip.36.94.100.202) | - | - | High
|
||||
105 | [36.95.23.89](https://vuldb.com/?ip.36.95.23.89) | - | - | High
|
||||
106 | [36.95.27.243](https://vuldb.com/?ip.36.95.27.243) | - | - | High
|
||||
107 | [37.7.123.244](https://vuldb.com/?ip.37.7.123.244) | apn-37-7-123-244.dynamic.gprs.plus.pl | - | High
|
||||
108 | [37.44.212.179](https://vuldb.com/?ip.37.44.212.179) | - | - | High
|
||||
109 | [37.44.212.216](https://vuldb.com/?ip.37.44.212.216) | - | - | High
|
||||
110 | [37.59.183.142](https://vuldb.com/?ip.37.59.183.142) | - | - | High
|
||||
111 | [37.228.70.134](https://vuldb.com/?ip.37.228.70.134) | - | - | High
|
||||
112 | [37.228.117.146](https://vuldb.com/?ip.37.228.117.146) | metobor.ru | - | High
|
||||
113 | [37.228.117.250](https://vuldb.com/?ip.37.228.117.250) | janome.ru | - | High
|
||||
114 | [37.230.112.146](https://vuldb.com/?ip.37.230.112.146) | audiotop.ru | - | High
|
||||
115 | [37.230.114.93](https://vuldb.com/?ip.37.230.114.93) | admin1.fvds.ru | - | High
|
||||
116 | [37.230.114.248](https://vuldb.com/?ip.37.230.114.248) | kosmolot.com | - | High
|
||||
117 | [37.230.115.129](https://vuldb.com/?ip.37.230.115.129) | dvcarry.fvds.ru | - | High
|
||||
118 | [37.230.115.133](https://vuldb.com/?ip.37.230.115.133) | wdai.io | - | High
|
||||
119 | [37.230.115.138](https://vuldb.com/?ip.37.230.115.138) | i2.com | - | High
|
||||
120 | [37.230.115.171](https://vuldb.com/?ip.37.230.115.171) | geobrox.com | - | High
|
||||
121 | [37.230.115.184](https://vuldb.com/?ip.37.230.115.184) | 21922vdscom.com | - | High
|
||||
122 | [38.132.99.174](https://vuldb.com/?ip.38.132.99.174) | - | - | High
|
||||
123 | [41.77.134.250](https://vuldb.com/?ip.41.77.134.250) | cliente6386477933.clubnet.mz | - | High
|
||||
124 | [41.175.22.226](https://vuldb.com/?ip.41.175.22.226) | - | - | High
|
||||
125 | [41.243.29.182](https://vuldb.com/?ip.41.243.29.182) | 182-29-243-41.r.airtel.cd | - | High
|
||||
126 | [43.245.216.116](https://vuldb.com/?ip.43.245.216.116) | - | - | High
|
||||
127 | [45.5.152.39](https://vuldb.com/?ip.45.5.152.39) | - | - | High
|
||||
128 | [45.6.16.68](https://vuldb.com/?ip.45.6.16.68) | - | - | High
|
||||
129 | [45.14.226.115](https://vuldb.com/?ip.45.14.226.115) | - | - | High
|
||||
130 | [45.36.99.184](https://vuldb.com/?ip.45.36.99.184) | cpe-45-36-99-184.triad.res.rr.com | - | High
|
||||
131 | [45.66.11.116](https://vuldb.com/?ip.45.66.11.116) | vm1488716.2ssd.had.wf | - | High
|
||||
132 | [45.80.148.30](https://vuldb.com/?ip.45.80.148.30) | - | - | High
|
||||
133 | [45.89.127.92](https://vuldb.com/?ip.45.89.127.92) | - | - | High
|
||||
134 | [45.115.172.105](https://vuldb.com/?ip.45.115.172.105) | - | - | High
|
||||
135 | [45.125.1.34](https://vuldb.com/?ip.45.125.1.34) | 45.125.1.34.static.xtom.hk | - | High
|
||||
136 | [45.127.222.8](https://vuldb.com/?ip.45.127.222.8) | - | - | High
|
||||
137 | [45.137.151.198](https://vuldb.com/?ip.45.137.151.198) | ourdiaspora.net | - | High
|
||||
138 | [45.138.158.32](https://vuldb.com/?ip.45.138.158.32) | - | - | High
|
||||
139 | [45.142.213.58](https://vuldb.com/?ip.45.142.213.58) | vm372119.pq.hosting | - | High
|
||||
140 | [45.144.113.168](https://vuldb.com/?ip.45.144.113.168) | - | - | High
|
||||
141 | [45.148.120.153](https://vuldb.com/?ip.45.148.120.153) | - | - | High
|
||||
142 | [45.148.120.195](https://vuldb.com/?ip.45.148.120.195) | pe195.peryon.web.tr | - | High
|
||||
143 | [45.155.173.242](https://vuldb.com/?ip.45.155.173.242) | - | - | High
|
||||
144 | [45.160.145.11](https://vuldb.com/?ip.45.160.145.11) | - | - | High
|
||||
145 | [45.160.145.179](https://vuldb.com/?ip.45.160.145.179) | - | - | High
|
||||
146 | [45.160.145.216](https://vuldb.com/?ip.45.160.145.216) | - | - | High
|
||||
147 | [45.167.249.126](https://vuldb.com/?ip.45.167.249.126) | - | - | High
|
||||
148 | [45.178.142.14](https://vuldb.com/?ip.45.178.142.14) | - | - | High
|
||||
149 | [45.201.134.202](https://vuldb.com/?ip.45.201.134.202) | - | - | High
|
||||
150 | [45.224.214.34](https://vuldb.com/?ip.45.224.214.34) | clientes-214-34.intercommtech.com.br | - | High
|
||||
151 | [45.229.71.211](https://vuldb.com/?ip.45.229.71.211) | static-45-229-71-211.extrememt.com.br | - | High
|
||||
152 | [45.234.248.154](https://vuldb.com/?ip.45.234.248.154) | 45.-234.248-154.rev.voanet.br | - | High
|
||||
153 | [46.4.167.250](https://vuldb.com/?ip.46.4.167.250) | ip-subnet46-4-167.unassigned.theideahosting.net | - | High
|
||||
154 | [46.8.21.10](https://vuldb.com/?ip.46.8.21.10) | 53980.web.hosting-russia.ru | - | High
|
||||
155 | [46.8.21.113](https://vuldb.com/?ip.46.8.21.113) | 64403.web.hosting-russia.ru | - | High
|
||||
156 | [46.30.41.229](https://vuldb.com/?ip.46.30.41.229) | vm494526.eurodir.ru | - | High
|
||||
157 | [46.30.45.208](https://vuldb.com/?ip.46.30.45.208) | vm418209.eurodir.ru | - | High
|
||||
158 | [46.99.175.149](https://vuldb.com/?ip.46.99.175.149) | - | - | High
|
||||
159 | [46.99.175.217](https://vuldb.com/?ip.46.99.175.217) | - | - | High
|
||||
160 | [46.99.188.223](https://vuldb.com/?ip.46.99.188.223) | - | - | High
|
||||
161 | [46.209.140.220](https://vuldb.com/?ip.46.209.140.220) | - | - | High
|
||||
162 | [46.237.117.193](https://vuldb.com/?ip.46.237.117.193) | - | - | High
|
||||
163 | [46.254.128.174](https://vuldb.com/?ip.46.254.128.174) | 46.254.128.174.lanultra.net | - | High
|
||||
164 | [49.156.34.134](https://vuldb.com/?ip.49.156.34.134) | - | - | High
|
||||
165 | [49.176.188.184](https://vuldb.com/?ip.49.176.188.184) | static-n49-176-188-184.bla2.nsw.optusnet.com.au | - | High
|
||||
166 | [50.16.229.140](https://vuldb.com/?ip.50.16.229.140) | ec2-50-16-229-140.compute-1.amazonaws.com | - | Medium
|
||||
167 | [50.19.247.198](https://vuldb.com/?ip.50.19.247.198) | ec2-50-19-247-198.compute-1.amazonaws.com | - | Medium
|
||||
168 | [51.38.101.194](https://vuldb.com/?ip.51.38.101.194) | - | - | High
|
||||
169 | [51.68.247.62](https://vuldb.com/?ip.51.68.247.62) | ip62.ip-51-68-247.eu | - | High
|
||||
170 | [51.77.92.215](https://vuldb.com/?ip.51.77.92.215) | - | - | High
|
||||
171 | [51.81.112.144](https://vuldb.com/?ip.51.81.112.144) | - | - | High
|
||||
172 | [51.81.113.25](https://vuldb.com/?ip.51.81.113.25) | - | - | High
|
||||
173 | [51.89.73.159](https://vuldb.com/?ip.51.89.73.159) | theladbible.site | - | High
|
||||
174 | [51.89.115.101](https://vuldb.com/?ip.51.89.115.101) | secure-3111.buzztary.com | - | High
|
||||
175 | [51.89.115.108](https://vuldb.com/?ip.51.89.115.108) | coms.jt120.com.cn | - | High
|
||||
176 | [51.89.115.110](https://vuldb.com/?ip.51.89.115.110) | pocket-usage.nationfox.net | - | High
|
||||
177 | [51.89.115.112](https://vuldb.com/?ip.51.89.115.112) | brides-crude.nationfox.net | - | High
|
||||
178 | [51.89.115.116](https://vuldb.com/?ip.51.89.115.116) | tombe.nationfox.net | - | High
|
||||
179 | [51.89.115.121](https://vuldb.com/?ip.51.89.115.121) | mail1.cmailer.online | - | High
|
||||
180 | [51.89.115.124](https://vuldb.com/?ip.51.89.115.124) | mta.ga-emailcamel.com | - | High
|
||||
181 | [51.89.177.20](https://vuldb.com/?ip.51.89.177.20) | ip20.ip-51-89-177.eu | - | High
|
||||
182 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | - | High
|
||||
183 | [51.254.25.115](https://vuldb.com/?ip.51.254.25.115) | ip115.ip-51-254-25.eu | - | High
|
||||
184 | [51.254.69.244](https://vuldb.com/?ip.51.254.69.244) | - | - | High
|
||||
185 | [51.254.83.17](https://vuldb.com/?ip.51.254.83.17) | ip17.ip-51-254-83.eu | - | High
|
||||
186 | [51.254.164.243](https://vuldb.com/?ip.51.254.164.243) | amortizserv.info | - | High
|
||||
187 | [51.254.164.244](https://vuldb.com/?ip.51.254.164.244) | y9gs.gaurented.com | - | High
|
||||
188 | [51.254.164.245](https://vuldb.com/?ip.51.254.164.245) | ip245.ip-51-254-164.eu | - | High
|
||||
189 | [51.254.164.249](https://vuldb.com/?ip.51.254.164.249) | ip249.ip-51-254-164.eu | - | High
|
||||
190 | [52.0.197.231](https://vuldb.com/?ip.52.0.197.231) | ec2-52-0-197-231.compute-1.amazonaws.com | - | Medium
|
||||
191 | [52.20.78.240](https://vuldb.com/?ip.52.20.78.240) | ec2-52-20-78-240.compute-1.amazonaws.com | - | Medium
|
||||
192 | [52.20.197.7](https://vuldb.com/?ip.52.20.197.7) | ec2-52-20-197-7.compute-1.amazonaws.com | - | Medium
|
||||
193 | [52.44.169.135](https://vuldb.com/?ip.52.44.169.135) | ec2-52-44-169-135.compute-1.amazonaws.com | - | Medium
|
||||
194 | [52.55.255.113](https://vuldb.com/?ip.52.55.255.113) | ec2-52-55-255-113.compute-1.amazonaws.com | - | Medium
|
||||
195 | ... | ... | ... | ...
|
||||
39 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
40 | [14.241.244.60](https://vuldb.com/?ip.14.241.244.60) | - | - | High
|
||||
41 | [18.213.79.189](https://vuldb.com/?ip.18.213.79.189) | ec2-18-213-79-189.compute-1.amazonaws.com | - | Medium
|
||||
42 | [18.233.90.151](https://vuldb.com/?ip.18.233.90.151) | ec2-18-233-90-151.compute-1.amazonaws.com | - | Medium
|
||||
43 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
|
||||
44 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
45 | [23.3.125.111](https://vuldb.com/?ip.23.3.125.111) | a23-3-125-111.deploy.static.akamaitechnologies.com | - | High
|
||||
46 | [23.19.31.135](https://vuldb.com/?ip.23.19.31.135) | - | - | High
|
||||
47 | [23.19.227.147](https://vuldb.com/?ip.23.19.227.147) | - | - | High
|
||||
48 | [23.20.220.174](https://vuldb.com/?ip.23.20.220.174) | ec2-23-20-220-174.compute-1.amazonaws.com | - | Medium
|
||||
49 | [23.21.27.29](https://vuldb.com/?ip.23.21.27.29) | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
|
||||
50 | [23.21.48.44](https://vuldb.com/?ip.23.21.48.44) | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
|
||||
51 | [23.21.121.219](https://vuldb.com/?ip.23.21.121.219) | ec2-23-21-121-219.compute-1.amazonaws.com | - | Medium
|
||||
52 | [23.21.252.4](https://vuldb.com/?ip.23.21.252.4) | ec2-23-21-252-4.compute-1.amazonaws.com | - | Medium
|
||||
53 | [23.23.83.153](https://vuldb.com/?ip.23.23.83.153) | ec2-23-23-83-153.compute-1.amazonaws.com | - | Medium
|
||||
54 | [23.23.243.154](https://vuldb.com/?ip.23.23.243.154) | ec2-23-23-243-154.compute-1.amazonaws.com | - | Medium
|
||||
55 | [23.46.150.43](https://vuldb.com/?ip.23.46.150.43) | a23-46-150-43.deploy.static.akamaitechnologies.com | - | High
|
||||
56 | [23.46.150.58](https://vuldb.com/?ip.23.46.150.58) | a23-46-150-58.deploy.static.akamaitechnologies.com | - | High
|
||||
57 | [23.46.150.81](https://vuldb.com/?ip.23.46.150.81) | a23-46-150-81.deploy.static.akamaitechnologies.com | - | High
|
||||
58 | [23.62.6.161](https://vuldb.com/?ip.23.62.6.161) | a23-62-6-161.deploy.static.akamaitechnologies.com | - | High
|
||||
59 | [23.62.6.170](https://vuldb.com/?ip.23.62.6.170) | a23-62-6-170.deploy.static.akamaitechnologies.com | - | High
|
||||
60 | [23.94.233.210](https://vuldb.com/?ip.23.94.233.210) | 23-94-233-210-host.colocrossing.com | - | High
|
||||
61 | [23.95.97.59](https://vuldb.com/?ip.23.95.97.59) | 23-95-97-59-host.colocrossing.com | - | High
|
||||
62 | [23.95.231.187](https://vuldb.com/?ip.23.95.231.187) | 23-95-231-187-host.colocrossing.com | - | High
|
||||
63 | [23.96.30.229](https://vuldb.com/?ip.23.96.30.229) | - | - | High
|
||||
64 | [23.160.192.125](https://vuldb.com/?ip.23.160.192.125) | unknown.ip-xfer.net | - | High
|
||||
65 | [23.160.193.106](https://vuldb.com/?ip.23.160.193.106) | unknown.ip-xfer.net | - | High
|
||||
66 | [23.202.231.166](https://vuldb.com/?ip.23.202.231.166) | a23-202-231-166.deploy.static.akamaitechnologies.com | - | High
|
||||
67 | [23.217.138.107](https://vuldb.com/?ip.23.217.138.107) | a23-217-138-107.deploy.static.akamaitechnologies.com | - | High
|
||||
68 | [24.162.214.166](https://vuldb.com/?ip.24.162.214.166) | cpe-24-162-214-166.elp.res.rr.com | - | High
|
||||
69 | [27.72.107.215](https://vuldb.com/?ip.27.72.107.215) | dynamic-adsl.viettel.vn | - | High
|
||||
70 | [27.147.173.227](https://vuldb.com/?ip.27.147.173.227) | 173.227.cetus.link3.net | - | High
|
||||
71 | [30.10.121.157](https://vuldb.com/?ip.30.10.121.157) | - | - | High
|
||||
72 | [31.131.21.184](https://vuldb.com/?ip.31.131.21.184) | - | - | High
|
||||
73 | [31.131.26.122](https://vuldb.com/?ip.31.131.26.122) | - | - | High
|
||||
74 | [31.134.60.181](https://vuldb.com/?ip.31.134.60.181) | 31-134-60-181.telico.pl | - | High
|
||||
75 | [31.134.124.90](https://vuldb.com/?ip.31.134.124.90) | - | - | High
|
||||
76 | [31.172.177.90](https://vuldb.com/?ip.31.172.177.90) | poczta.mp-lift.pl | - | High
|
||||
77 | [31.184.253.6](https://vuldb.com/?ip.31.184.253.6) | - | - | High
|
||||
78 | [31.184.253.37](https://vuldb.com/?ip.31.184.253.37) | models9.vixgrafica.de | - | High
|
||||
79 | [31.202.132.22](https://vuldb.com/?ip.31.202.132.22) | - | - | High
|
||||
80 | [31.211.85.110](https://vuldb.com/?ip.31.211.85.110) | - | - | High
|
||||
81 | [31.214.138.207](https://vuldb.com/?ip.31.214.138.207) | f0a4213918138.rev.snt.net.pl | - | High
|
||||
82 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
|
||||
83 | [34.160.111.145](https://vuldb.com/?ip.34.160.111.145) | 145.111.160.34.bc.googleusercontent.com | - | Medium
|
||||
84 | [34.192.250.175](https://vuldb.com/?ip.34.192.250.175) | ec2-34-192-250-175.compute-1.amazonaws.com | - | Medium
|
||||
85 | [34.196.181.158](https://vuldb.com/?ip.34.196.181.158) | ec2-34-196-181-158.compute-1.amazonaws.com | - | Medium
|
||||
86 | [34.198.132.204](https://vuldb.com/?ip.34.198.132.204) | ec2-34-198-132-204.compute-1.amazonaws.com | - | Medium
|
||||
87 | [34.233.102.38](https://vuldb.com/?ip.34.233.102.38) | ec2-34-233-102-38.compute-1.amazonaws.com | - | Medium
|
||||
88 | [36.37.176.6](https://vuldb.com/?ip.36.37.176.6) | - | - | High
|
||||
89 | [36.66.115.180](https://vuldb.com/?ip.36.66.115.180) | - | - | High
|
||||
90 | [36.66.188.251](https://vuldb.com/?ip.36.66.188.251) | - | - | High
|
||||
91 | [36.89.85.103](https://vuldb.com/?ip.36.89.85.103) | - | - | High
|
||||
92 | [36.89.106.69](https://vuldb.com/?ip.36.89.106.69) | - | - | High
|
||||
93 | [36.89.191.119](https://vuldb.com/?ip.36.89.191.119) | - | - | High
|
||||
94 | [36.89.193.181](https://vuldb.com/?ip.36.89.193.181) | - | - | High
|
||||
95 | [36.89.193.235](https://vuldb.com/?ip.36.89.193.235) | - | - | High
|
||||
96 | [36.89.228.201](https://vuldb.com/?ip.36.89.228.201) | - | - | High
|
||||
97 | [36.89.243.241](https://vuldb.com/?ip.36.89.243.241) | - | - | High
|
||||
98 | [36.91.45.10](https://vuldb.com/?ip.36.91.45.10) | - | - | High
|
||||
99 | [36.91.87.227](https://vuldb.com/?ip.36.91.87.227) | - | - | High
|
||||
100 | [36.91.88.164](https://vuldb.com/?ip.36.91.88.164) | - | - | High
|
||||
101 | [36.91.117.231](https://vuldb.com/?ip.36.91.117.231) | - | - | High
|
||||
102 | [36.91.186.235](https://vuldb.com/?ip.36.91.186.235) | - | - | High
|
||||
103 | [36.94.27.124](https://vuldb.com/?ip.36.94.27.124) | - | - | High
|
||||
104 | [36.94.33.102](https://vuldb.com/?ip.36.94.33.102) | - | - | High
|
||||
105 | [36.94.100.202](https://vuldb.com/?ip.36.94.100.202) | - | - | High
|
||||
106 | [36.95.23.89](https://vuldb.com/?ip.36.95.23.89) | - | - | High
|
||||
107 | [36.95.27.243](https://vuldb.com/?ip.36.95.27.243) | - | - | High
|
||||
108 | [37.7.123.244](https://vuldb.com/?ip.37.7.123.244) | apn-37-7-123-244.dynamic.gprs.plus.pl | - | High
|
||||
109 | [37.44.212.179](https://vuldb.com/?ip.37.44.212.179) | - | - | High
|
||||
110 | [37.44.212.216](https://vuldb.com/?ip.37.44.212.216) | - | - | High
|
||||
111 | [37.59.183.142](https://vuldb.com/?ip.37.59.183.142) | - | - | High
|
||||
112 | [37.228.70.134](https://vuldb.com/?ip.37.228.70.134) | - | - | High
|
||||
113 | [37.228.117.146](https://vuldb.com/?ip.37.228.117.146) | metobor.ru | - | High
|
||||
114 | [37.228.117.250](https://vuldb.com/?ip.37.228.117.250) | janome.ru | - | High
|
||||
115 | [37.230.112.146](https://vuldb.com/?ip.37.230.112.146) | audiotop.ru | - | High
|
||||
116 | [37.230.114.93](https://vuldb.com/?ip.37.230.114.93) | admin1.fvds.ru | - | High
|
||||
117 | [37.230.114.248](https://vuldb.com/?ip.37.230.114.248) | kosmolot.com | - | High
|
||||
118 | [37.230.115.129](https://vuldb.com/?ip.37.230.115.129) | dvcarry.fvds.ru | - | High
|
||||
119 | [37.230.115.133](https://vuldb.com/?ip.37.230.115.133) | wdai.io | - | High
|
||||
120 | [37.230.115.138](https://vuldb.com/?ip.37.230.115.138) | i2.com | - | High
|
||||
121 | [37.230.115.171](https://vuldb.com/?ip.37.230.115.171) | geobrox.com | - | High
|
||||
122 | [37.230.115.184](https://vuldb.com/?ip.37.230.115.184) | 21922vdscom.com | - | High
|
||||
123 | [38.132.99.174](https://vuldb.com/?ip.38.132.99.174) | - | - | High
|
||||
124 | [41.77.134.250](https://vuldb.com/?ip.41.77.134.250) | cliente6386477933.clubnet.mz | - | High
|
||||
125 | [41.175.22.226](https://vuldb.com/?ip.41.175.22.226) | - | - | High
|
||||
126 | [41.243.29.182](https://vuldb.com/?ip.41.243.29.182) | 182-29-243-41.r.airtel.cd | - | High
|
||||
127 | [43.245.216.116](https://vuldb.com/?ip.43.245.216.116) | - | - | High
|
||||
128 | [45.5.152.39](https://vuldb.com/?ip.45.5.152.39) | - | - | High
|
||||
129 | [45.6.16.68](https://vuldb.com/?ip.45.6.16.68) | - | - | High
|
||||
130 | [45.14.226.115](https://vuldb.com/?ip.45.14.226.115) | - | - | High
|
||||
131 | [45.36.99.184](https://vuldb.com/?ip.45.36.99.184) | cpe-45-36-99-184.triad.res.rr.com | - | High
|
||||
132 | [45.66.11.116](https://vuldb.com/?ip.45.66.11.116) | vm1488716.2ssd.had.wf | - | High
|
||||
133 | [45.80.148.30](https://vuldb.com/?ip.45.80.148.30) | - | - | High
|
||||
134 | [45.89.127.92](https://vuldb.com/?ip.45.89.127.92) | - | - | High
|
||||
135 | [45.115.172.105](https://vuldb.com/?ip.45.115.172.105) | - | - | High
|
||||
136 | [45.125.1.34](https://vuldb.com/?ip.45.125.1.34) | 45.125.1.34.static.xtom.hk | - | High
|
||||
137 | [45.127.222.8](https://vuldb.com/?ip.45.127.222.8) | - | - | High
|
||||
138 | [45.137.151.198](https://vuldb.com/?ip.45.137.151.198) | ourdiaspora.net | - | High
|
||||
139 | [45.138.158.32](https://vuldb.com/?ip.45.138.158.32) | - | - | High
|
||||
140 | [45.142.213.58](https://vuldb.com/?ip.45.142.213.58) | vm372119.pq.hosting | - | High
|
||||
141 | [45.144.113.168](https://vuldb.com/?ip.45.144.113.168) | - | - | High
|
||||
142 | [45.148.120.153](https://vuldb.com/?ip.45.148.120.153) | - | - | High
|
||||
143 | [45.148.120.195](https://vuldb.com/?ip.45.148.120.195) | pe195.peryon.web.tr | - | High
|
||||
144 | [45.155.173.242](https://vuldb.com/?ip.45.155.173.242) | - | - | High
|
||||
145 | [45.160.145.11](https://vuldb.com/?ip.45.160.145.11) | - | - | High
|
||||
146 | [45.160.145.179](https://vuldb.com/?ip.45.160.145.179) | - | - | High
|
||||
147 | [45.160.145.216](https://vuldb.com/?ip.45.160.145.216) | - | - | High
|
||||
148 | [45.167.249.126](https://vuldb.com/?ip.45.167.249.126) | - | - | High
|
||||
149 | [45.178.142.14](https://vuldb.com/?ip.45.178.142.14) | - | - | High
|
||||
150 | [45.201.134.202](https://vuldb.com/?ip.45.201.134.202) | - | - | High
|
||||
151 | [45.224.214.34](https://vuldb.com/?ip.45.224.214.34) | clientes-214-34.intercommtech.com.br | - | High
|
||||
152 | [45.229.71.211](https://vuldb.com/?ip.45.229.71.211) | static-45-229-71-211.extrememt.com.br | - | High
|
||||
153 | [45.234.248.154](https://vuldb.com/?ip.45.234.248.154) | 45.-234.248-154.rev.voanet.br | - | High
|
||||
154 | [46.4.167.250](https://vuldb.com/?ip.46.4.167.250) | ip-subnet46-4-167.unassigned.theideahosting.net | - | High
|
||||
155 | [46.8.21.10](https://vuldb.com/?ip.46.8.21.10) | 53980.web.hosting-russia.ru | - | High
|
||||
156 | [46.8.21.113](https://vuldb.com/?ip.46.8.21.113) | 64403.web.hosting-russia.ru | - | High
|
||||
157 | [46.30.41.229](https://vuldb.com/?ip.46.30.41.229) | vm494526.eurodir.ru | - | High
|
||||
158 | [46.30.45.208](https://vuldb.com/?ip.46.30.45.208) | vm418209.eurodir.ru | - | High
|
||||
159 | [46.99.175.149](https://vuldb.com/?ip.46.99.175.149) | - | - | High
|
||||
160 | [46.99.175.217](https://vuldb.com/?ip.46.99.175.217) | - | - | High
|
||||
161 | [46.99.188.223](https://vuldb.com/?ip.46.99.188.223) | - | - | High
|
||||
162 | [46.209.140.220](https://vuldb.com/?ip.46.209.140.220) | - | - | High
|
||||
163 | [46.237.117.193](https://vuldb.com/?ip.46.237.117.193) | - | - | High
|
||||
164 | [46.254.128.174](https://vuldb.com/?ip.46.254.128.174) | 46.254.128.174.lanultra.net | - | High
|
||||
165 | [49.156.34.134](https://vuldb.com/?ip.49.156.34.134) | - | - | High
|
||||
166 | [49.176.188.184](https://vuldb.com/?ip.49.176.188.184) | static-n49-176-188-184.bla2.nsw.optusnet.com.au | - | High
|
||||
167 | [50.16.229.140](https://vuldb.com/?ip.50.16.229.140) | ec2-50-16-229-140.compute-1.amazonaws.com | - | Medium
|
||||
168 | [50.19.247.198](https://vuldb.com/?ip.50.19.247.198) | ec2-50-19-247-198.compute-1.amazonaws.com | - | Medium
|
||||
169 | [51.38.101.194](https://vuldb.com/?ip.51.38.101.194) | - | - | High
|
||||
170 | [51.68.247.62](https://vuldb.com/?ip.51.68.247.62) | ip62.ip-51-68-247.eu | - | High
|
||||
171 | [51.77.92.215](https://vuldb.com/?ip.51.77.92.215) | - | - | High
|
||||
172 | [51.81.112.144](https://vuldb.com/?ip.51.81.112.144) | - | - | High
|
||||
173 | [51.81.113.25](https://vuldb.com/?ip.51.81.113.25) | - | - | High
|
||||
174 | [51.89.73.159](https://vuldb.com/?ip.51.89.73.159) | theladbible.site | - | High
|
||||
175 | [51.89.115.101](https://vuldb.com/?ip.51.89.115.101) | secure-3111.buzztary.com | - | High
|
||||
176 | [51.89.115.108](https://vuldb.com/?ip.51.89.115.108) | coms.jt120.com.cn | - | High
|
||||
177 | [51.89.115.110](https://vuldb.com/?ip.51.89.115.110) | pocket-usage.nationfox.net | - | High
|
||||
178 | [51.89.115.112](https://vuldb.com/?ip.51.89.115.112) | brides-crude.nationfox.net | - | High
|
||||
179 | [51.89.115.116](https://vuldb.com/?ip.51.89.115.116) | tombe.nationfox.net | - | High
|
||||
180 | [51.89.115.121](https://vuldb.com/?ip.51.89.115.121) | mail1.cmailer.online | - | High
|
||||
181 | [51.89.115.124](https://vuldb.com/?ip.51.89.115.124) | mta.ga-emailcamel.com | - | High
|
||||
182 | [51.89.177.20](https://vuldb.com/?ip.51.89.177.20) | ip20.ip-51-89-177.eu | - | High
|
||||
183 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | - | High
|
||||
184 | [51.254.25.115](https://vuldb.com/?ip.51.254.25.115) | ip115.ip-51-254-25.eu | - | High
|
||||
185 | [51.254.69.244](https://vuldb.com/?ip.51.254.69.244) | - | - | High
|
||||
186 | [51.254.83.17](https://vuldb.com/?ip.51.254.83.17) | ip17.ip-51-254-83.eu | - | High
|
||||
187 | [51.254.164.243](https://vuldb.com/?ip.51.254.164.243) | amortizserv.info | - | High
|
||||
188 | [51.254.164.244](https://vuldb.com/?ip.51.254.164.244) | y9gs.gaurented.com | - | High
|
||||
189 | [51.254.164.245](https://vuldb.com/?ip.51.254.164.245) | ip245.ip-51-254-164.eu | - | High
|
||||
190 | [51.254.164.249](https://vuldb.com/?ip.51.254.164.249) | ip249.ip-51-254-164.eu | - | High
|
||||
191 | [52.0.197.231](https://vuldb.com/?ip.52.0.197.231) | ec2-52-0-197-231.compute-1.amazonaws.com | - | Medium
|
||||
192 | [52.20.78.240](https://vuldb.com/?ip.52.20.78.240) | ec2-52-20-78-240.compute-1.amazonaws.com | - | Medium
|
||||
193 | [52.20.197.7](https://vuldb.com/?ip.52.20.197.7) | ec2-52-20-197-7.compute-1.amazonaws.com | - | Medium
|
||||
194 | [52.44.169.135](https://vuldb.com/?ip.52.44.169.135) | ec2-52-44-169-135.compute-1.amazonaws.com | - | Medium
|
||||
195 | [52.55.255.113](https://vuldb.com/?ip.52.55.255.113) | ec2-52-55-255-113.compute-1.amazonaws.com | - | Medium
|
||||
196 | ... | ... | ... | ...
|
||||
|
||||
There are 776 more IOC items available. Please use our online service to access the data.
|
||||
There are 778 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
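Review bot: Confidence is graded inconsistently for shared infrastructure in this IOC table. The `compute-1.amazonaws.com` and `bc.googleusercontent.com` rows are Medium, but the Akamai edge addresses (rows 43 to 45, 55 to 59, 66 and 67 of the renumbered list, all `deploy.static.akamaitechnologies.com`) are High. Anyone who blocklists on High would also cut off unrelated sites served from the same CDN addresses. Suggest grading CDN edge rows like the cloud-provider rows, or adding a column that marks shared hosting. Separately, the ID column is positional: inserting `41.175.22.226` as row 125 shifts every later row by one and rewrites the rest of the table, so a stable identifier (or no ID column) would keep future updates reviewable.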
@ -232,14 +233,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80, CWE-85 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 24 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
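Review bot: The T1040 row loses CWE-294 but keeps the description "Authentication Bypass by Capture-replay", which is the name of CWE-294; the remaining CWE-319 is cleartext transmission, so the description no longer matches the weakness listed beside it. Either keep CWE-294 or regenerate the description from the CWE that remains. The same mismatch exists on the T1059 row, which is labelled "Cross Site Scripting" with CWE-88 and CWE-94 and duplicates the T1059.007 description on the next row. The count sentence also rises from 22 to 24 although the visible rows only lose CWE entries, so it is worth confirming the count is derived from the same data as the table.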
@ -247,44 +248,44 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/conferences/list/` | High
|
||||
2 | File | `/Admin/dashboard.php` | High
|
||||
3 | File | `/admin/problem_judge.php` | High
|
||||
1 | File | `/?ajax-request=jnews` | High
|
||||
2 | File | `/admin/conferences/list/` | High
|
||||
3 | File | `/Admin/dashboard.php` | High
|
||||
4 | File | `/admin/submit-articles` | High
|
||||
5 | File | `/api/audits` | Medium
|
||||
6 | File | `/api/sys_username_passwd.cmd` | High
|
||||
7 | File | `/api/user/password/sent-reset-email` | High
|
||||
8 | File | `/asms/admin/mechanics/manage_mechanic.php` | High
|
||||
9 | File | `/asms/classes/Master.php?f=delete_mechanic` | High
|
||||
10 | File | `/asms/classes/Master.php?f=delete_service` | High
|
||||
11 | File | `/attachments` | Medium
|
||||
12 | File | `/balance/service/list` | High
|
||||
13 | File | `/bsms_ci/index.php` | High
|
||||
14 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
15 | File | `/classes/Master.php?f=delete_reservation` | High
|
||||
16 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
17 | File | `/debug/pprof` | Medium
|
||||
18 | File | `/diag_ping_admin.asp` | High
|
||||
19 | File | `/diag_tracert_admin.asp` | High
|
||||
20 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
21 | File | `/edit-db.php` | Medium
|
||||
22 | File | `/env` | Low
|
||||
23 | File | `/etc/hosts` | Medium
|
||||
24 | File | `/etc/quagga` | Medium
|
||||
25 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
26 | File | `/FormLogin` | Medium
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/FreshRSS/p/ext.php` | High
|
||||
29 | File | `/goform/CertListInfo` | High
|
||||
30 | File | `/goform/fast_setting_wifi_set` | High
|
||||
31 | File | `/goform/L7Im` | Medium
|
||||
32 | File | `/goform/NatStaticSetting` | High
|
||||
33 | File | `/goform/SafeClientFilter` | High
|
||||
34 | File | `/goform/SafeMacFilter` | High
|
||||
35 | File | `/goform/SafeUrlFilter` | High
|
||||
7 | File | `/attachments` | Medium
|
||||
8 | File | `/bsms_ci/index.php` | High
|
||||
9 | File | `/bsms_ci/index.php/book` | High
|
||||
10 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
11 | File | `/diag_ping_admin.asp` | High
|
||||
12 | File | `/diag_tracert_admin.asp` | High
|
||||
13 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
14 | File | `/edit-db.php` | Medium
|
||||
15 | File | `/env` | Low
|
||||
16 | File | `/etc/hosts` | Medium
|
||||
17 | File | `/etc/quagga` | Medium
|
||||
18 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/FreshRSS/p/ext.php` | High
|
||||
21 | File | `/goform/CertListInfo` | High
|
||||
22 | File | `/goform/fast_setting_wifi_set` | High
|
||||
23 | File | `/goform/L7Im` | Medium
|
||||
24 | File | `/goform/NatStaticSetting` | High
|
||||
25 | File | `/goform/SafeClientFilter` | High
|
||||
26 | File | `/goform/SafeMacFilter` | High
|
||||
27 | File | `/goform/SafeUrlFilter` | High
|
||||
28 | File | `/goform/setMacFilterCfg` | High
|
||||
29 | File | `/goform/SysToolReboot` | High
|
||||
30 | File | `/goform/SysToolRestoreSet` | High
|
||||
31 | File | `/goform/VirtualSer` | High
|
||||
32 | File | `/gpac/src/bifs/unquantize.c` | High
|
||||
33 | File | `/hardware` | Medium
|
||||
34 | File | `/horde/util/go.php` | High
|
||||
35 | File | `/index/user/user_edit.html` | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 308 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 309 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -327,6 +328,8 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2022/06/threat-roundup-0617-0624.html
|
||||
* https://blog.talosintelligence.com/2022/08/threat-roundup-0805-0812.html
|
||||
* https://blog.talosintelligence.com/2022/09/threat-roundup-0923-0930.html
|
||||
* https://blog.talosintelligence.com/threat-roundup-0106-0113/
|
||||
* https://blog.talosintelligence.com/threat-roundup-0127-0203/
|
||||
* https://blogs.blackberry.com/en/2019/09/blackberry-cylance-vs-trickbot-infostealer-malware
|
||||
* https://blogs.infoblox.com/cyber-threat-intelligence/ransomware-attacks-target-healthcare-sector/
|
||||
* https://community.blueliv.com/#!/s/611a51a282df413eb235470a
|
||||
|
|
|
@ -84,9 +84,10 @@ ID | Type | Indicator | Confidence
|
|||
14 | File | `/onvif/device_service` | High
|
||||
15 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
16 | File | `/uncpath/` | Medium
|
||||
17 | ... | ... | ...
|
||||
17 | File | `ActiveMediaServer.exe` | High
|
||||
18 | ... | ... | ...
|
||||
|
||||
There are 138 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 143 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
34450
actors/Unknown/README.md
File diff suppressed because it is too large
|
@ -0,0 +1,107 @@
|
|||
# V3G4 - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [V3G4](https://vuldb.com/?actor.v3g4). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.v3g4](https://vuldb.com/?actor.v3g4)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with V3G4:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [LU](https://vuldb.com/?country.lu)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of V3G4.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [104.244.72.64](https://vuldb.com/?ip.104.244.72.64) | winging.co.uk | - | High
|
||||
2 | [176.123.9.238](https://vuldb.com/?ip.176.123.9.238) | - | - | High
|
||||
3 | [198.98.49.79](https://vuldb.com/?ip.198.98.49.79) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _V3G4_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 23 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by V3G4. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%APPDATA%\Securepoint SSL VPN` | High
|
||||
2 | File | `//proc/kcore` | Medium
|
||||
3 | File | `/action/iperf` | High
|
||||
4 | File | `/admin.php/admin/plog/index.html` | High
|
||||
5 | File | `/admin.php/singer/admin/singer/del` | High
|
||||
6 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
|
||||
7 | File | `/admin/?page=orders/view_order` | High
|
||||
8 | File | `/admin/comn/service/update.json` | High
|
||||
9 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
|
||||
10 | File | `/admin/transactions/update_status.php` | High
|
||||
11 | File | `/admin/uesrs.php&action=display&value=Hide` | High
|
||||
12 | File | `/administrator/components/menu/` | High
|
||||
13 | File | `/auparse/auparse.c` | High
|
||||
14 | File | `/back/index.php/user/User/?1` | High
|
||||
15 | File | `/backups/` | Medium
|
||||
16 | File | `/backupsettings.conf` | High
|
||||
17 | File | `/bfd/pef.c` | Medium
|
||||
18 | File | `/cgi-bin/logs.ha` | High
|
||||
19 | File | `/claire_blake` | High
|
||||
20 | File | `/classes/Master.php?f=delete_service` | High
|
||||
21 | File | `/coders/pdf.c` | High
|
||||
22 | File | `/common/info.cgi` | High
|
||||
23 | File | `/core/table/query` | High
|
||||
24 | File | `/damicms-master/admin.php?s=/Article/doedit` | High
|
||||
25 | File | `/feedback/post/` | High
|
||||
26 | File | `/gaia-job-admin/user/add` | High
|
||||
27 | File | `/goform/dir_setWanWifi` | High
|
||||
28 | File | `/goform/login` | High
|
||||
29 | File | `/goform/SetInternetLanInfo` | High
|
||||
30 | File | `/goform/setportList` | High
|
||||
31 | File | `/goform/SetPptpServerCfg` | High
|
||||
32 | File | `/goform/WifiBasicSet` | High
|
||||
33 | File | `/group/apply` | Medium
|
||||
34 | File | `/hdf5/src/H5Fint.c` | High
|
||||
35 | File | `/includes/login.php` | High
|
||||
36 | File | `/index.cfm/_api/asset/image/` | High
|
||||
37 | File | `/insurance/editClient.php` | High
|
||||
38 | File | `/linkedcontent/editfolder.php` | High
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 336 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://unit42.paloaltonetworks.com/mirai-variant-v3g4/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
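Review bot: The indicator table types every row as `File`, yet rows 13, 17, 21 and 34 (`/auparse/auparse.c`, `/bfd/pef.c`, `/coders/pdf.c`, `/hdf5/src/H5Fint.c`) are C source file names, while their neighbours are HTTP request paths such as `/goform/login`. A consumer matching these rows against web or proxy logs cannot tell which kind of value each one is. Suggest a separate type for source-file references or a column naming the affected component, so the request-path rows can be loaded into detections on their own.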
@ -72,7 +72,7 @@ ID | Type | Indicator | Confidence
|
|||
24 | File | `/wlanAccess.asp` | High
|
||||
25 | ... | ... | ...
|
||||
|
||||
There are 208 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 210 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -63,40 +63,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin/submit-articles` | High
|
||||
4 | File | `/ad_js.php` | Medium
|
||||
5 | File | `/Ap4RtpAtom.cpp` | High
|
||||
6 | File | `/app/options.py` | High
|
||||
7 | File | `/attachments` | Medium
|
||||
8 | File | `/bsms/?page=manage_account` | High
|
||||
9 | File | `/bsms_ci/index.php/book` | High
|
||||
10 | File | `/cgi-bin/login.cgi` | High
|
||||
11 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
12 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
13 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
14 | File | `/dashboard/reports/logs/view` | High
|
||||
15 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
16 | File | `/debug/pprof` | Medium
|
||||
17 | File | `/etc/hosts` | Medium
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/fuel/sitevariables/delete/4` | High
|
||||
20 | File | `/goform/setmac` | High
|
||||
21 | File | `/goform/wizard_end` | High
|
||||
22 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
23 | File | `/index/jobfairol/show/` | High
|
||||
24 | File | `/librarian/bookdetails.php` | High
|
||||
25 | File | `/manage-apartment.php` | High
|
||||
26 | File | `/medicines/profile.php` | High
|
||||
27 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
28 | File | `/pages/apply_vacancy.php` | High
|
||||
29 | File | `/proc/<PID>/mem` | High
|
||||
30 | File | `/proxy` | Low
|
||||
31 | File | `/spip.php` | Medium
|
||||
32 | ... | ... | ...
|
||||
1 | File | `/about.php` | Medium
|
||||
2 | File | `/admin/submit-articles` | High
|
||||
3 | File | `/ad_js.php` | Medium
|
||||
4 | File | `/app/options.py` | High
|
||||
5 | File | `/attachments` | Medium
|
||||
6 | File | `/bsms/?page=manage_account` | High
|
||||
7 | File | `/bsms_ci/index.php/book` | High
|
||||
8 | File | `/cgi-bin/login.cgi` | High
|
||||
9 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
10 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
11 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
12 | File | `/dashboard/reports/logs/view` | High
|
||||
13 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
14 | File | `/debug/pprof` | Medium
|
||||
15 | File | `/etc/hosts` | Medium
|
||||
16 | File | `/forum/away.php` | High
|
||||
17 | File | `/goform/formSetEmail` | High
|
||||
18 | File | `/goform/setmac` | High
|
||||
19 | File | `/goform/wizard_end` | High
|
||||
20 | File | `/hprms/admin/doctors/manage_doctor.php` | High
|
||||
21 | File | `/index/jobfairol/show/` | High
|
||||
22 | File | `/librarian/bookdetails.php` | High
|
||||
23 | File | `/manage-apartment.php` | High
|
||||
24 | File | `/medicines/profile.php` | High
|
||||
25 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
26 | File | `/pages/apply_vacancy.php` | High
|
||||
27 | File | `/proc/<PID>/mem` | High
|
||||
28 | File | `/proxy` | Low
|
||||
29 | File | `/spip.php` | Medium
|
||||
30 | File | `/tmp` | Low
|
||||
31 | File | `/uncpath/` | Medium
|
||||
32 | File | `/upload` | Low
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 270 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 280 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
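Review bot: In the second listing of this hunk, rows 28, 30 and 32 (`/proxy`, `/tmp`, `/upload`) are rated Low and are generic path fragments that occur in ordinary traffic on most web servers. Because the visible table is cut off at row 33, they take up space that more specific High-confidence rows could use. Suggest sorting the published excerpt by confidence before truncating, or leaving Low-confidence rows out of the excerpt.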
@ -38,63 +38,64 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
15 | [20.109.209.108](https://vuldb.com/?ip.20.109.209.108) | - | - | High
|
||||
16 | [20.189.173.20](https://vuldb.com/?ip.20.189.173.20) | - | - | High
|
||||
17 | [20.189.173.22](https://vuldb.com/?ip.20.189.173.22) | - | - | High
|
||||
18 | [23.20.239.12](https://vuldb.com/?ip.23.20.239.12) | ec2-23-20-239-12.compute-1.amazonaws.com | - | Medium
|
||||
19 | [23.56.9.181](https://vuldb.com/?ip.23.56.9.181) | a23-56-9-181.deploy.static.akamaitechnologies.com | - | High
|
||||
20 | [23.96.30.229](https://vuldb.com/?ip.23.96.30.229) | - | - | High
|
||||
21 | [23.193.42.12](https://vuldb.com/?ip.23.193.42.12) | a23-193-42-12.deploy.static.akamaitechnologies.com | - | High
|
||||
22 | [23.218.129.107](https://vuldb.com/?ip.23.218.129.107) | a23-218-129-107.deploy.static.akamaitechnologies.com | - | High
|
||||
23 | [23.221.227.169](https://vuldb.com/?ip.23.221.227.169) | a23-221-227-169.deploy.static.akamaitechnologies.com | - | High
|
||||
24 | [23.227.38.32](https://vuldb.com/?ip.23.227.38.32) | myshopify.com | - | High
|
||||
25 | [23.231.93.174](https://vuldb.com/?ip.23.231.93.174) | sensitivity-new.modedefine.com | - | High
|
||||
26 | [23.236.62.147](https://vuldb.com/?ip.23.236.62.147) | 147.62.236.23.bc.googleusercontent.com | - | Medium
|
||||
27 | [23.253.126.58](https://vuldb.com/?ip.23.253.126.58) | - | - | High
|
||||
28 | [24.87.40.226](https://vuldb.com/?ip.24.87.40.226) | S0106bc9b68c5bd57.vc.shawcable.net | - | High
|
||||
29 | [24.115.94.180](https://vuldb.com/?ip.24.115.94.180) | 24.115.94.180.res-cmts.ovr.ptd.net | - | High
|
||||
30 | [24.120.165.58](https://vuldb.com/?ip.24.120.165.58) | wsip-24-120-165-58.lv.lv.cox.net | - | High
|
||||
31 | [24.252.35.28](https://vuldb.com/?ip.24.252.35.28) | ip24-252-35-28.om.om.cox.net | - | High
|
||||
32 | [27.54.110.77](https://vuldb.com/?ip.27.54.110.77) | 77.110.54.27.dhcp.mct.ne.jp | - | High
|
||||
33 | [32.178.143.61](https://vuldb.com/?ip.32.178.143.61) | mobile-32-178-143-61.mycingular.net | - | High
|
||||
34 | [34.72.197.182](https://vuldb.com/?ip.34.72.197.182) | 182.197.72.34.bc.googleusercontent.com | - | Medium
|
||||
35 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
|
||||
36 | [34.160.73.230](https://vuldb.com/?ip.34.160.73.230) | 230.73.160.34.bc.googleusercontent.com | - | Medium
|
||||
37 | [35.177.71.77](https://vuldb.com/?ip.35.177.71.77) | ns1.symbiant.net | - | High
|
||||
38 | [36.2.242.186](https://vuldb.com/?ip.36.2.242.186) | 36-2-242-186.aichi.otk.vectant.ne.jp | - | High
|
||||
39 | [37.139.47.108](https://vuldb.com/?ip.37.139.47.108) | 37-139-47-108.vm.clodoserver.ru | - | High
|
||||
40 | [39.116.90.10](https://vuldb.com/?ip.39.116.90.10) | - | - | High
|
||||
41 | [41.168.5.140](https://vuldb.com/?ip.41.168.5.140) | - | - | High
|
||||
42 | [45.60.77.201](https://vuldb.com/?ip.45.60.77.201) | - | - | High
|
||||
43 | [46.32.240.33](https://vuldb.com/?ip.46.32.240.33) | - | - | High
|
||||
44 | [46.165.243.51](https://vuldb.com/?ip.46.165.243.51) | - | - | High
|
||||
45 | [49.212.235.209](https://vuldb.com/?ip.49.212.235.209) | www3469.sakura.ne.jp | - | High
|
||||
46 | [50.7.252.125](https://vuldb.com/?ip.50.7.252.125) | - | - | High
|
||||
47 | [50.63.202.34](https://vuldb.com/?ip.50.63.202.34) | ip-50-63-202-34.ip.secureserver.net | - | High
|
||||
48 | [50.63.202.49](https://vuldb.com/?ip.50.63.202.49) | ip-50-63-202-49.ip.secureserver.net | - | High
|
||||
49 | [50.72.177.24](https://vuldb.com/?ip.50.72.177.24) | S01069050ca30b943.wp.shawcable.net | - | High
|
||||
50 | [50.84.160.82](https://vuldb.com/?ip.50.84.160.82) | rrcs-50-84-160-82.sw.biz.rr.com | - | High
|
||||
51 | [50.116.43.143](https://vuldb.com/?ip.50.116.43.143) | li480-143.members.linode.com | - | High
|
||||
52 | [51.178.156.9](https://vuldb.com/?ip.51.178.156.9) | ip9.ip-51-178-156.eu | - | High
|
||||
53 | [52.85.132.44](https://vuldb.com/?ip.52.85.132.44) | server-52-85-132-44.iad50.r.cloudfront.net | - | High
|
||||
54 | [52.96.9.2](https://vuldb.com/?ip.52.96.9.2) | - | - | High
|
||||
55 | [52.96.15.178](https://vuldb.com/?ip.52.96.15.178) | - | - | High
|
||||
56 | [52.96.88.50](https://vuldb.com/?ip.52.96.88.50) | - | - | High
|
||||
57 | [52.96.88.66](https://vuldb.com/?ip.52.96.88.66) | - | - | High
|
||||
58 | [52.137.90.34](https://vuldb.com/?ip.52.137.90.34) | - | - | High
|
||||
59 | [52.168.117.173](https://vuldb.com/?ip.52.168.117.173) | - | - | High
|
||||
60 | [52.182.143.212](https://vuldb.com/?ip.52.182.143.212) | - | - | High
|
||||
61 | [52.185.71.28](https://vuldb.com/?ip.52.185.71.28) | - | - | High
|
||||
62 | [58.1.158.10](https://vuldb.com/?ip.58.1.158.10) | ntaich204010.aich.nt.ngn.ppp.infoweb.ne.jp | - | High
|
||||
63 | [58.68.2.214](https://vuldb.com/?ip.58.68.2.214) | - | - | High
|
||||
64 | [58.185.131.158](https://vuldb.com/?ip.58.185.131.158) | - | - | High
|
||||
65 | [59.90.221.6](https://vuldb.com/?ip.59.90.221.6) | static.bb.hyd.59.90.221.6.bsnl.in | - | High
|
||||
66 | [60.244.81.6](https://vuldb.com/?ip.60.244.81.6) | 60-244-81-6.apol.com.tw | - | High
|
||||
67 | [61.7.235.35](https://vuldb.com/?ip.61.7.235.35) | - | - | High
|
||||
68 | [61.32.242.131](https://vuldb.com/?ip.61.32.242.131) | - | - | High
|
||||
69 | [62.49.180.189](https://vuldb.com/?ip.62.49.180.189) | - | - | High
|
||||
70 | [62.76.40.177](https://vuldb.com/?ip.62.76.40.177) | 62-76-40-177.vm.clodoserver.ru | - | High
|
||||
71 | [62.76.47.5](https://vuldb.com/?ip.62.76.47.5) | 62-76-47-5.vm.clodoserver.ru | - | High
|
||||
72 | ... | ... | ... | ...
|
||||
18 | [23.3.13.129](https://vuldb.com/?ip.23.3.13.129) | a23-3-13-129.deploy.static.akamaitechnologies.com | - | High
|
||||
19 | [23.3.13.152](https://vuldb.com/?ip.23.3.13.152) | a23-3-13-152.deploy.static.akamaitechnologies.com | - | High
|
||||
20 | [23.20.239.12](https://vuldb.com/?ip.23.20.239.12) | ec2-23-20-239-12.compute-1.amazonaws.com | - | Medium
|
||||
21 | [23.56.9.181](https://vuldb.com/?ip.23.56.9.181) | a23-56-9-181.deploy.static.akamaitechnologies.com | - | High
|
||||
22 | [23.96.30.229](https://vuldb.com/?ip.23.96.30.229) | - | - | High
|
||||
23 | [23.193.42.12](https://vuldb.com/?ip.23.193.42.12) | a23-193-42-12.deploy.static.akamaitechnologies.com | - | High
|
||||
24 | [23.218.129.107](https://vuldb.com/?ip.23.218.129.107) | a23-218-129-107.deploy.static.akamaitechnologies.com | - | High
|
||||
25 | [23.221.227.165](https://vuldb.com/?ip.23.221.227.165) | a23-221-227-165.deploy.static.akamaitechnologies.com | - | High
|
||||
26 | [23.221.227.169](https://vuldb.com/?ip.23.221.227.169) | a23-221-227-169.deploy.static.akamaitechnologies.com | - | High
|
||||
27 | [23.221.227.172](https://vuldb.com/?ip.23.221.227.172) | a23-221-227-172.deploy.static.akamaitechnologies.com | - | High
|
||||
28 | [23.227.38.32](https://vuldb.com/?ip.23.227.38.32) | myshopify.com | - | High
|
||||
29 | [23.231.93.174](https://vuldb.com/?ip.23.231.93.174) | sensitivity-new.modedefine.com | - | High
|
||||
30 | [23.236.62.147](https://vuldb.com/?ip.23.236.62.147) | 147.62.236.23.bc.googleusercontent.com | - | Medium
|
||||
31 | [23.253.126.58](https://vuldb.com/?ip.23.253.126.58) | - | - | High
|
||||
32 | [24.87.40.226](https://vuldb.com/?ip.24.87.40.226) | S0106bc9b68c5bd57.vc.shawcable.net | - | High
|
||||
33 | [24.115.94.180](https://vuldb.com/?ip.24.115.94.180) | 24.115.94.180.res-cmts.ovr.ptd.net | - | High
|
||||
34 | [24.120.165.58](https://vuldb.com/?ip.24.120.165.58) | wsip-24-120-165-58.lv.lv.cox.net | - | High
|
||||
35 | [24.252.35.28](https://vuldb.com/?ip.24.252.35.28) | ip24-252-35-28.om.om.cox.net | - | High
|
||||
36 | [27.54.110.77](https://vuldb.com/?ip.27.54.110.77) | 77.110.54.27.dhcp.mct.ne.jp | - | High
|
||||
37 | [32.178.143.61](https://vuldb.com/?ip.32.178.143.61) | mobile-32-178-143-61.mycingular.net | - | High
|
||||
38 | [34.72.197.182](https://vuldb.com/?ip.34.72.197.182) | 182.197.72.34.bc.googleusercontent.com | - | Medium
|
||||
39 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
|
||||
40 | [34.160.73.230](https://vuldb.com/?ip.34.160.73.230) | 230.73.160.34.bc.googleusercontent.com | - | Medium
|
||||
41 | [35.177.71.77](https://vuldb.com/?ip.35.177.71.77) | ns1.symbiant.net | - | High
|
||||
42 | [36.2.242.186](https://vuldb.com/?ip.36.2.242.186) | 36-2-242-186.aichi.otk.vectant.ne.jp | - | High
|
||||
43 | [37.139.47.108](https://vuldb.com/?ip.37.139.47.108) | 37-139-47-108.vm.clodoserver.ru | - | High
|
||||
44 | [39.116.90.10](https://vuldb.com/?ip.39.116.90.10) | - | - | High
|
||||
45 | [41.168.5.140](https://vuldb.com/?ip.41.168.5.140) | - | - | High
|
||||
46 | [45.60.77.201](https://vuldb.com/?ip.45.60.77.201) | - | - | High
|
||||
47 | [46.32.240.33](https://vuldb.com/?ip.46.32.240.33) | - | - | High
|
||||
48 | [46.165.243.51](https://vuldb.com/?ip.46.165.243.51) | - | - | High
|
||||
49 | [49.212.235.209](https://vuldb.com/?ip.49.212.235.209) | www3469.sakura.ne.jp | - | High
|
||||
50 | [50.7.252.125](https://vuldb.com/?ip.50.7.252.125) | - | - | High
|
||||
51 | [50.63.202.34](https://vuldb.com/?ip.50.63.202.34) | ip-50-63-202-34.ip.secureserver.net | - | High
|
||||
52 | [50.63.202.49](https://vuldb.com/?ip.50.63.202.49) | ip-50-63-202-49.ip.secureserver.net | - | High
|
||||
53 | [50.72.177.24](https://vuldb.com/?ip.50.72.177.24) | S01069050ca30b943.wp.shawcable.net | - | High
|
||||
54 | [50.84.160.82](https://vuldb.com/?ip.50.84.160.82) | rrcs-50-84-160-82.sw.biz.rr.com | - | High
|
||||
55 | [50.116.43.143](https://vuldb.com/?ip.50.116.43.143) | li480-143.members.linode.com | - | High
|
||||
56 | [51.178.156.9](https://vuldb.com/?ip.51.178.156.9) | ip9.ip-51-178-156.eu | - | High
|
||||
57 | [52.85.132.44](https://vuldb.com/?ip.52.85.132.44) | server-52-85-132-44.iad50.r.cloudfront.net | - | High
|
||||
58 | [52.96.9.2](https://vuldb.com/?ip.52.96.9.2) | - | - | High
|
||||
59 | [52.96.15.178](https://vuldb.com/?ip.52.96.15.178) | - | - | High
|
||||
60 | [52.96.88.50](https://vuldb.com/?ip.52.96.88.50) | - | - | High
|
||||
61 | [52.96.88.66](https://vuldb.com/?ip.52.96.88.66) | - | - | High
|
||||
62 | [52.137.90.34](https://vuldb.com/?ip.52.137.90.34) | - | - | High
|
||||
63 | [52.168.117.173](https://vuldb.com/?ip.52.168.117.173) | - | - | High
|
||||
64 | [52.182.143.212](https://vuldb.com/?ip.52.182.143.212) | - | - | High
|
||||
65 | [52.185.71.28](https://vuldb.com/?ip.52.185.71.28) | - | - | High
|
||||
66 | [54.235.219.186](https://vuldb.com/?ip.54.235.219.186) | server29.cti-webhosting.com | - | High
|
||||
67 | [58.1.158.10](https://vuldb.com/?ip.58.1.158.10) | ntaich204010.aich.nt.ngn.ppp.infoweb.ne.jp | - | High
|
||||
68 | [58.68.2.214](https://vuldb.com/?ip.58.68.2.214) | - | - | High
|
||||
69 | [58.185.131.158](https://vuldb.com/?ip.58.185.131.158) | - | - | High
|
||||
70 | [59.90.221.6](https://vuldb.com/?ip.59.90.221.6) | static.bb.hyd.59.90.221.6.bsnl.in | - | High
|
||||
71 | [60.244.81.6](https://vuldb.com/?ip.60.244.81.6) | 60-244-81-6.apol.com.tw | - | High
|
||||
72 | [61.7.235.35](https://vuldb.com/?ip.61.7.235.35) | - | - | High
|
||||
73 | ... | ... | ... | ...
|
||||
|
||||
There are 282 more IOC items available. Please use our online service to access the data.
|
||||
There are 287 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
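Review bot: Confidence is rated inconsistently for addresses on shared hosting in this IOC table. The `googleusercontent.com` and `amazonaws.com` rows are Medium, while the `deploy.static.akamaitechnologies.com` rows, the `cloudfront.net` row and `23.227.38.32` (`myshopify.com`) are High. Anyone who loads High rows straight into a blocklist will also block unrelated tenants behind those CDN and platform addresses. Suggest applying the same Medium rating to all shared-infrastructure hostnames, or adding a marker that flags them as shared.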
@ -139,7 +140,7 @@ ID | Type | Indicator | Confidence
|
|||
21 | File | `admin/app/mediamanager` | High
|
||||
22 | ... | ... | ...
|
||||
|
||||
There are 178 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 180 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -180,6 +181,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2022/04/threat-roundup-0422-0429.html
|
||||
* https://blog.talosintelligence.com/2022/10/threat-roundup-0930-1007.html
|
||||
* https://blog.talosintelligence.com/2022/10/threat-roundup-1007-1014.html
|
||||
* https://blog.talosintelligence.com/threat-roundup-0210-0217/
|
||||
* https://blog.talosintelligence.com/threat-roundup-1111-1118/
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -40,9 +40,10 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
17 | [43.229.151.64](https://vuldb.com/?ip.43.229.151.64) | - | - | High
|
||||
18 | [46.105.201.240](https://vuldb.com/?ip.46.105.201.240) | - | - | High
|
||||
19 | [46.243.150.150](https://vuldb.com/?ip.46.243.150.150) | - | - | High
|
||||
20 | ... | ... | ... | ...
|
||||
20 | [46.246.13.73](https://vuldb.com/?ip.46.246.13.73) | c-46-246-13-73.ip4.frootvpn.com | - | High
|
||||
21 | ... | ... | ... | ...
|
||||
|
||||
There are 77 more IOC items available. Please use our online service to access the data.
|
||||
There are 78 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -82,9 +83,10 @@ ID | Type | Indicator | Confidence
|
|||
17 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
18 | File | `adclick.php` | Medium
|
||||
19 | File | `admin.php` | Medium
|
||||
20 | ... | ... | ...
|
||||
20 | File | `Admin/ADM_Pagina.php` | High
|
||||
21 | ... | ... | ...
|
||||
|
||||
There are 169 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 170 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -108,6 +110,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html
|
||||
* https://blog.talosintelligence.com/2021/04/threat-roundup-0423-0430.html
|
||||
* https://blog.talosintelligence.com/2021/08/threat-roundup-0730-0806.html
|
||||
* https://blog.talosintelligence.com/threat-roundup-0217-0224/
|
||||
* https://blogs.blackberry.com/en/2021/08/threat-thursday-dont-let-njrat-take-your-cheddar
|
||||
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-20%20njRAT%20IOCs
|
||||
* https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/594/original/Network_IOCs_list_for_coverage.txt?1625657479
|
||||
|
|
|
@ -102,10 +102,11 @@ ID | Type | Indicator | Confidence
|
|||
42 | File | `admin/conf_users_edit.php` | High
|
||||
43 | File | `admin/domain-fields/` | High
|
||||
44 | File | `admin/index.asp` | High
|
||||
45 | File | `admin/member_deal.php` | High
|
||||
46 | ... | ... | ...
|
||||
45 | File | `admin/news.php` | High
|
||||
46 | File | `AdminLoginInterceptor.java` | High
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 411 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -99,7 +99,7 @@ ID | Type | Indicator | Confidence
|
|||
41 | File | `/usr/local/contego/scripts/mgrconfig.pl` | High
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 364 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 365 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -45,12 +45,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1055 | CWE-74 | Injection | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more TTP items available. Please use our online service to access the data.
|
||||
There are 13 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
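Review bot: The row `T1059 | CWE-94 | Cross Site Scripting` in this TTP table has a description that does not match its weakness. CWE-94 is code injection, and T1059 is ATT&CK's Command and Scripting Interpreter. The `T1059.007 | CWE-79, CWE-80` row that appears earlier in the hunk is the one the Cross Site Scripting label fits. Suggest deriving the description from the listed CWE so that the T1059 row does not read as a duplicate XSS entry.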
@ -66,7 +66,7 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `body2.ghp` | Medium
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 47 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 48 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -52,7 +52,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -107,7 +107,7 @@ ID | Type | Indicator | Confidence
|
|||
45 | File | `admin/mod_users/controller.php?action=edit` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 399 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -70,25 +70,25 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/auparse/auparse.c` | High
|
||||
5 | File | `/aux` | Low
|
||||
6 | File | `/BindAccount/SuccessTips.js` | High
|
||||
7 | File | `/goform/QuickIndex` | High
|
||||
8 | File | `/goform/setMacFilterCfg` | High
|
||||
9 | File | `/goform/WifiBasicSet` | High
|
||||
10 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
|
||||
11 | File | `/login.html` | Medium
|
||||
12 | File | `/medical/inventories.php` | High
|
||||
13 | File | `/pages.php` | Medium
|
||||
14 | File | `/pages/save_user.php` | High
|
||||
15 | File | `/patient/doctors.php` | High
|
||||
16 | File | `/rom-0` | Low
|
||||
17 | File | `/uncpath/` | Medium
|
||||
18 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
19 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
20 | File | `/vloggers_merch/classes/Master.php?f=delete_order` | High
|
||||
21 | File | `abm.aspx` | Medium
|
||||
22 | File | `actions/ChangeConfiguration.html` | High
|
||||
7 | File | `/forum/away.php` | High
|
||||
8 | File | `/goform/QuickIndex` | High
|
||||
9 | File | `/goform/setMacFilterCfg` | High
|
||||
10 | File | `/goform/WifiBasicSet` | High
|
||||
11 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
|
||||
12 | File | `/login.html` | Medium
|
||||
13 | File | `/medical/inventories.php` | High
|
||||
14 | File | `/pages.php` | Medium
|
||||
15 | File | `/pages/save_user.php` | High
|
||||
16 | File | `/patient/doctors.php` | High
|
||||
17 | File | `/rom-0` | Low
|
||||
18 | File | `/uncpath/` | Medium
|
||||
19 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
20 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
21 | File | `/vloggers_merch/classes/Master.php?f=delete_order` | High
|
||||
22 | File | `abm.aspx` | Medium
|
||||
23 | ... | ... | ...
|
||||
|
||||
There are 193 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 196 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -72,7 +72,7 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/uncpath/` | Medium
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 45 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 46 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [NL](https://vuldb.com/?country.nl)
|
||||
* ...
|
||||
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## Actors
|
||||
|
||||
|
@ -167,14 +167,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
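Review bot: The T1006 row now reads `CWE-21, CWE-22, CWE-425` under the description Pathname Traversal, but CWE-425 is Direct Request (forced browsing), an access-control weakness rather than a traversal one. Mapping it to T1006 will mislead anyone pivoting from the CWE to the technique. Suggest giving CWE-425 its own row, or confirming that the mapping is intended and adjusting the description.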
@ -182,46 +182,39 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/appliance/users?action=edit` | High
|
||||
2 | File | `/blogengine/api/posts` | High
|
||||
3 | File | `/cbs/system/ShowAdvanced.do` | High
|
||||
4 | File | `/cgi-bin/api-get_line_status` | High
|
||||
5 | File | `/cgi-bin/luci` | High
|
||||
6 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
7 | File | `/cgi-bin/upload_vpntar` | High
|
||||
8 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
9 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
10 | File | `/etc/ldap.conf` | High
|
||||
11 | File | `/etc/shadow` | Medium
|
||||
12 | File | `/export` | Low
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/h/calendar` | Medium
|
||||
15 | File | `/hrm/controller/employee.php` | High
|
||||
16 | File | `/hrm/employeeadd.php` | High
|
||||
17 | File | `/hrm/employeeview.php` | High
|
||||
18 | File | `/index.php` | Medium
|
||||
19 | File | `/login/index.php` | High
|
||||
20 | File | `/mhds/clinic/view_details.php` | High
|
||||
21 | File | `/obs/book.php` | High
|
||||
22 | File | `/products/view_product.php` | High
|
||||
23 | File | `/services/view_service.php` | High
|
||||
24 | File | `/shell` | Low
|
||||
25 | File | `/spip.php` | Medium
|
||||
26 | File | `/uncpath/` | Medium
|
||||
27 | File | `/usr/bin/tddp` | High
|
||||
28 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
29 | File | `/view-property.php` | High
|
||||
30 | File | `/wp-admin/admin-ajax.php` | High
|
||||
31 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
32 | File | `acme_certificate_edit.php` | High
|
||||
33 | File | `adclick.php` | Medium
|
||||
34 | File | `admin.php` | Medium
|
||||
35 | File | `admin/disapprove_user.php` | High
|
||||
36 | File | `admin/import/class-import-settings.php` | High
|
||||
37 | File | `admin/index.php` | High
|
||||
38 | ... | ... | ...
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/appliance/users?action=edit` | High
|
||||
3 | File | `/backup.pl` | Medium
|
||||
4 | File | `/blogengine/api/posts` | High
|
||||
5 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
6 | File | `/forum/away.php` | High
|
||||
7 | File | `/login/index.php` | High
|
||||
8 | File | `/Moosikay/order.php` | High
|
||||
9 | File | `/out.php` | Medium
|
||||
10 | File | `/php-scrm/login.php` | High
|
||||
11 | File | `/products/view_product.php` | High
|
||||
12 | File | `/public/login.htm` | High
|
||||
13 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
14 | File | `/shell` | Low
|
||||
15 | File | `/spip.php` | Medium
|
||||
16 | File | `/tmp/boa-temp` | High
|
||||
17 | File | `/usr/bin/tddp` | High
|
||||
18 | File | `/wp-admin/admin-ajax.php` | High
|
||||
19 | File | `/wp-admin/options.php` | High
|
||||
20 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
21 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
22 | File | `action.php` | Medium
|
||||
23 | File | `adclick.php` | Medium
|
||||
24 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
25 | File | `admin/disapprove_user.php` | High
|
||||
26 | File | `admin/import/class-import-settings.php` | High
|
||||
27 | File | `admin/manage_user.php` | High
|
||||
28 | File | `admin/page-login.php` | High
|
||||
29 | File | `adminer.php` | Medium
|
||||
30 | File | `AndroidManifest.xml` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 325 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
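Review bot: Row 21 of the second listing, `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi`, joins four script names with `/` into a single indicator. Read as a path, it will not match a request for any one of those scripts. Suggest splitting it into four rows, one per script name, in the same form as the other file indicators.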
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with COVID-19:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## Actors
|
||||
|
||||
|
@ -151,11 +151,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
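Review bot: In the TTP table of this hunk, the T1059 row pairs `CWE-88, CWE-94, CWE-1321` with the description "Cross Site Scripting", the same description the next row gives T1059.007 (`CWE-79, CWE-80`). CWE-88, CWE-94 and CWE-1321 are argument injection, code injection and prototype pollution, so the description looks copied from the sub-technique row. Both rows are renumbered by this update anyway, so the T1059 description should be corrected in whatever generates the table rather than carried over unchanged.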
@ -166,41 +166,40 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/assets` | Low
|
||||
2 | File | `/blogengine/api/posts` | High
|
||||
3 | File | `/bsms_ci/index.php/book` | High
|
||||
4 | File | `/cgi-bin/api-get_line_status` | High
|
||||
5 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
6 | File | `/cgi-bin/upload_vpntar` | High
|
||||
7 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
8 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
9 | File | `/etc/hosts` | Medium
|
||||
10 | File | `/export` | Low
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/h/calendar` | Medium
|
||||
13 | File | `/ims/login.php` | High
|
||||
14 | File | `/login/index.php` | High
|
||||
15 | File | `/medicines/profile.php` | High
|
||||
16 | File | `/obs/book.php` | High
|
||||
17 | File | `/products/view_product.php` | High
|
||||
18 | File | `/public/login.htm` | High
|
||||
19 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
20 | File | `/services/view_service.php` | High
|
||||
21 | File | `/shell` | Low
|
||||
22 | File | `/spip.php` | Medium
|
||||
23 | File | `/tmp` | Low
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/usr/bin/pkexec` | High
|
||||
26 | File | `/usr/bin/tddp` | High
|
||||
27 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
28 | File | `/wp-admin/admin-ajax.php` | High
|
||||
29 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
30 | File | `adclick.php` | Medium
|
||||
31 | File | `admin.jcomments.php` | High
|
||||
32 | File | `admin.php` | Medium
|
||||
33 | ... | ... | ...
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/api/blade-log/api/list` | High
|
||||
3 | File | `/as/authorization.oauth2` | High
|
||||
4 | File | `/blogengine/api/posts` | High
|
||||
5 | File | `/bsms_ci/index.php/book` | High
|
||||
6 | File | `/cgi-bin/luci/api/auth` | High
|
||||
7 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
|
||||
8 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
9 | File | `/debug/pprof` | Medium
|
||||
10 | File | `/forum/away.php` | High
|
||||
11 | File | `/ims/login.php` | High
|
||||
12 | File | `/login/index.php` | High
|
||||
13 | File | `/medicines/profile.php` | High
|
||||
14 | File | `/obs/book.php` | High
|
||||
15 | File | `/products/view_product.php` | High
|
||||
16 | File | `/public/login.htm` | High
|
||||
17 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
18 | File | `/shell` | Low
|
||||
19 | File | `/spip.php` | Medium
|
||||
20 | File | `/tmp` | Low
|
||||
21 | File | `/uncpath/` | Medium
|
||||
22 | File | `/usr/bin/pkexec` | High
|
||||
23 | File | `/usr/bin/tddp` | High
|
||||
24 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
25 | File | `/video-sharing-script/watch-video.php` | High
|
||||
26 | File | `/wp-admin/admin-ajax.php` | High
|
||||
27 | File | `/wp-admin/options.php` | High
|
||||
28 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
29 | File | `adclick.php` | Medium
|
||||
30 | File | `admin.jcomments.php` | High
|
||||
31 | File | `admin/add_payment.php` | High
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 271 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
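Review bot: The ID column in this IOA table is positional, so a handful of added and removed indicators rewrites nearly every row of the hunk; `/blogengine/api/posts`, for example, appears once as ID 2 and once as ID 4 with nothing else about it changed. That makes the real additions (such as `/.env` and `/debug/pprof`) hard to pick out in review, and it means the ID cannot be used as a stable reference to an indicator between monthly updates. Consider keying rows on the indicator itself, or dropping the ID column, so a diff shows only the entries that actually changed.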
@ -60,7 +60,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `core/admin/modules/developer/modules/views/add.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 9 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 11 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
||||
## Actors
|
||||
|
||||
|
@ -42,7 +42,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
|
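Review bot: The T1040 row in this hunk lists only `CWE-319` but is described as "Authentication Bypass by Capture-replay". CWE-319 is cleartext transmission of sensitive information; capture-replay is CWE-294, which this row does not list. Either the description should follow the weakness actually listed, or CWE-294 is missing from the Weakness column; as written, a reader cannot tell which weakness was observed for this actor.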
@ -59,21 +59,22 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/application/common.php#action_log` | High
|
||||
2 | File | `/bin/login` | Medium
|
||||
3 | File | `/cgi-bin/wapopen` | High
|
||||
4 | File | `/etc/ajenti/config.yml` | High
|
||||
5 | File | `/rest/api/latest/groupuserpicker` | High
|
||||
6 | File | `/romfile.cfg` | Medium
|
||||
7 | File | `/TeamMate/Upload/DomainObjectDocumentUpload.ashx` | High
|
||||
8 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
9 | File | `ActivityManagerService.java` | High
|
||||
10 | File | `admin/admin_users.php` | High
|
||||
11 | File | `admin/index.php` | High
|
||||
12 | File | `ajaxp_backend.php` | High
|
||||
13 | File | `akismet.php` | Medium
|
||||
14 | File | `article_coonepage_rule.php` | High
|
||||
15 | File | `books.php` | Medium
|
||||
16 | ... | ... | ...
|
||||
4 | File | `/editor/index.php` | High
|
||||
5 | File | `/etc/ajenti/config.yml` | High
|
||||
6 | File | `/rest/api/latest/groupuserpicker` | High
|
||||
7 | File | `/romfile.cfg` | Medium
|
||||
8 | File | `/TeamMate/Upload/DomainObjectDocumentUpload.ashx` | High
|
||||
9 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
10 | File | `ActivityManagerService.java` | High
|
||||
11 | File | `adclick.php` | Medium
|
||||
12 | File | `admin/admin_users.php` | High
|
||||
13 | File | `admin/index.php` | High
|
||||
14 | File | `ajaxp_backend.php` | High
|
||||
15 | File | `akismet.php` | Medium
|
||||
16 | File | `article_coonepage_rule.php` | High
|
||||
17 | ... | ... | ...
|
||||
|
||||
There are 132 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 135 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -55,48 +55,49 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `.forward` | Medium
|
||||
2 | File | `/addQuestion.php` | High
|
||||
3 | File | `/admin.php/vod/admin/topic/del` | High
|
||||
4 | File | `/admin/ajax.php?action=delete_window` | High
|
||||
5 | File | `/admin/api/theme-edit/` | High
|
||||
6 | File | `/admin/article/list_approve` | High
|
||||
7 | File | `/admin/communitymanagement.php` | High
|
||||
8 | File | `/admin/folderrollpicture/list` | High
|
||||
9 | File | `/api/index.php` | High
|
||||
10 | File | `/api/plugin/upload` | High
|
||||
11 | File | `/api/upload-resource` | High
|
||||
12 | File | `/apply.cgi` | Medium
|
||||
13 | File | `/bcms/admin/?page=service_transactions/view_details` | High
|
||||
14 | File | `/bcms/admin/?page=user/manage_user` | High
|
||||
15 | File | `/bd_genie_create_account.cgi` | High
|
||||
16 | File | `/conf/users` | Medium
|
||||
17 | File | `/course/api/upload/pic` | High
|
||||
18 | File | `/csms/classes/Master.php?f=delete_booking` | High
|
||||
19 | File | `/dev/mem` | Medium
|
||||
20 | File | `/dev/mmz_userdev` | High
|
||||
21 | File | `/diagnostic/editcategory.php` | High
|
||||
22 | File | `/etc/config/product.ini` | High
|
||||
23 | File | `/etc/crash` | Medium
|
||||
24 | File | `/etc/passwd` | Medium
|
||||
25 | File | `/goform/aspForm` | High
|
||||
26 | File | `/goform/SetFirewallCfg` | High
|
||||
27 | File | `/goform/SysToolReboot` | High
|
||||
28 | File | `/goform/SysToolRestoreSet` | High
|
||||
29 | File | `/goform/WifiBasicSet` | High
|
||||
30 | File | `/h/search?action` | High
|
||||
31 | File | `/h/search?action=voicemail&action=listen` | High
|
||||
32 | File | `/HNAP1` | Low
|
||||
33 | File | `/hss/admin/categories/view_category.php` | High
|
||||
34 | File | `/htdocs/upnpinc/gena.php` | High
|
||||
35 | File | `/index.php` | Medium
|
||||
36 | File | `/index.php?module=entities/fields&entities_id=24` | High
|
||||
37 | File | `/login.php` | Medium
|
||||
38 | File | `/login/index.php` | High
|
||||
39 | File | `/medicines/profile.php` | High
|
||||
40 | File | `/menu.html` | Medium
|
||||
41 | File | `/module/report_event/index.php` | High
|
||||
42 | ... | ... | ...
|
||||
3 | File | `/admin/ajax.php?action=delete_window` | High
|
||||
4 | File | `/admin/api/theme-edit/` | High
|
||||
5 | File | `/admin/article/list_approve` | High
|
||||
6 | File | `/admin/communitymanagement.php` | High
|
||||
7 | File | `/admin/folderrollpicture/list` | High
|
||||
8 | File | `/api/index.php` | High
|
||||
9 | File | `/api/plugin/upload` | High
|
||||
10 | File | `/api/upload-resource` | High
|
||||
11 | File | `/apply.cgi` | Medium
|
||||
12 | File | `/bcms/admin/?page=service_transactions/view_details` | High
|
||||
13 | File | `/bcms/admin/?page=user/manage_user` | High
|
||||
14 | File | `/bd_genie_create_account.cgi` | High
|
||||
15 | File | `/conf/users` | Medium
|
||||
16 | File | `/csms/classes/Master.php?f=delete_booking` | High
|
||||
17 | File | `/dev/mem` | Medium
|
||||
18 | File | `/dev/mmz_userdev` | High
|
||||
19 | File | `/diagnostic/editcategory.php` | High
|
||||
20 | File | `/etc/config/product.ini` | High
|
||||
21 | File | `/etc/crash` | Medium
|
||||
22 | File | `/etc/passwd` | Medium
|
||||
23 | File | `/goform/aspForm` | High
|
||||
24 | File | `/goform/SysToolReboot` | High
|
||||
25 | File | `/goform/SysToolRestoreSet` | High
|
||||
26 | File | `/goform/WifiBasicSet` | High
|
||||
27 | File | `/h/search?action` | High
|
||||
28 | File | `/h/search?action=voicemail&action=listen` | High
|
||||
29 | File | `/HNAP1` | Low
|
||||
30 | File | `/hss/admin/categories/view_category.php` | High
|
||||
31 | File | `/htdocs/upnpinc/gena.php` | High
|
||||
32 | File | `/index.php` | Medium
|
||||
33 | File | `/index.php?module=entities/fields&entities_id=24` | High
|
||||
34 | File | `/login.php` | Medium
|
||||
35 | File | `/login/index.php` | High
|
||||
36 | File | `/medicines/profile.php` | High
|
||||
37 | File | `/menu.html` | Medium
|
||||
38 | File | `/module/report_event/index.php` | High
|
||||
39 | File | `/Moosikay/order.php` | High
|
||||
40 | File | `/ocwbs/admin/?page=bookings/view_details` | High
|
||||
41 | File | `/ofrs/admin/?page=teams/manage_team` | High
|
||||
42 | File | `/pdfalto/src/pdfalto.cc` | High
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 364 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 371 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
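Review bot: Several indicators kept in this hunk are paths that exist on most web servers, for example `/index.php`, `/login.php` and `/menu.html`, all rated Medium, while `/HNAP1` is rated Low. The table does not say what the Confidence value measures, and a path like `/index.php` matched on its own will hit ordinary traffic. Suggest documenting how Confidence is assigned and stating that File entries of this kind are only meaningful when combined with the argument or input value indicators the footer mentions.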
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
||||
## Actors
|
||||
|
||||
|
@ -63,7 +63,7 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `admin.php/comments/batchdel/` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 47 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 48 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -133,7 +133,7 @@ ID | Type | Indicator | Confidence
|
|||
65 | File | `/librarian/bookdetails.php` | High
|
||||
66 | ... | ... | ...
|
||||
|
||||
There are 577 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 578 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -106,31 +106,32 @@ ID | Type | Indicator | Confidence
|
|||
14 | File | `/login/index.php` | High
|
||||
15 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
16 | File | `/owa/auth/logon.aspx` | High
|
||||
17 | File | `/phppath/php` | Medium
|
||||
18 | File | `/proc/self/exe` | High
|
||||
19 | File | `/public/login.htm` | High
|
||||
20 | File | `/server-info` | Medium
|
||||
21 | File | `/server-status` | High
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/user/jobmanage.php` | High
|
||||
24 | File | `/user/zs_elite.php` | High
|
||||
25 | File | `/usr/bin/enq` | Medium
|
||||
26 | File | `/web/jquery/uploader/multi_uploadify.php` | High
|
||||
27 | File | `/wp-admin/admin-ajax.php` | High
|
||||
28 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
29 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
30 | File | `/zhndnsdisplay.cmd` | High
|
||||
31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
32 | File | `about.php` | Medium
|
||||
33 | File | `acl.c` | Low
|
||||
34 | File | `adclick.php` | Medium
|
||||
35 | File | `add_comment.php` | High
|
||||
36 | File | `add_vhost.php` | High
|
||||
37 | File | `admin.php` | Medium
|
||||
38 | File | `admin/conf_users_edit.php` | High
|
||||
39 | ... | ... | ...
|
||||
17 | File | `/php-sms/classes/SystemSettings.php` | High
|
||||
18 | File | `/phppath/php` | Medium
|
||||
19 | File | `/proc/self/exe` | High
|
||||
20 | File | `/public/login.htm` | High
|
||||
21 | File | `/server-info` | Medium
|
||||
22 | File | `/server-status` | High
|
||||
23 | File | `/shell` | Low
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/user/jobmanage.php` | High
|
||||
26 | File | `/user/zs_elite.php` | High
|
||||
27 | File | `/usr/bin/enq` | Medium
|
||||
28 | File | `/web/jquery/uploader/multi_uploadify.php` | High
|
||||
29 | File | `/wp-admin/admin-ajax.php` | High
|
||||
30 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
31 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
32 | File | `/zhndnsdisplay.cmd` | High
|
||||
33 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
34 | File | `about.php` | Medium
|
||||
35 | File | `acl.c` | Low
|
||||
36 | File | `adclick.php` | Medium
|
||||
37 | File | `add_comment.php` | High
|
||||
38 | File | `add_vhost.php` | High
|
||||
39 | File | `admin.php` | Medium
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 337 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 348 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -57,47 +57,47 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/admin/index.html` | High
|
||||
4 | File | `/admin/index.php?id=themes&action=edit_template&filename=blog` | High
|
||||
5 | File | `/admin/posts.php` | High
|
||||
6 | File | `/ci_ssms/index.php/orders/create` | High
|
||||
7 | File | `/fw.login.php` | High
|
||||
8 | File | `/home/masterConsole` | High
|
||||
9 | File | `/index.php` | Medium
|
||||
10 | File | `/membres/modif_profil.php` | High
|
||||
11 | File | `/ordering/admin/category/index.php?view=edit` | High
|
||||
12 | File | `/pms/index.php` | High
|
||||
13 | File | `/pms/update_user.php?user_id=1` | High
|
||||
14 | File | `/SimpleBusTicket/index.php` | High
|
||||
15 | File | `/uncpath/` | Medium
|
||||
16 | File | `/usr/bin/pkexec` | High
|
||||
17 | File | `/var/run/docker.sock` | High
|
||||
18 | File | `/wp-admin/admin-ajax.php` | High
|
||||
19 | File | `/xpdf/Stream.cc` | High
|
||||
20 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
21 | File | `addpost_newpoll.php` | High
|
||||
22 | File | `adm-index.php` | High
|
||||
23 | File | `Admin.PHP` | Medium
|
||||
24 | File | `admin.php` | Medium
|
||||
25 | File | `admin.php&r=article/AdminContent/edit` | High
|
||||
26 | File | `admin/expense_report.php` | High
|
||||
27 | File | `admin/index.php` | High
|
||||
28 | File | `admin/ops/reports/ops/forum.php` | High
|
||||
29 | File | `admincp/attachment.php` | High
|
||||
30 | File | `adminedit.pl` | Medium
|
||||
31 | File | `ajax/api/hook/getHookList` | High
|
||||
32 | File | `App\Manage\Controller\ArticleController.class.php` | High
|
||||
33 | File | `archive/index.php` | High
|
||||
34 | File | `auth-gss2.c` | Medium
|
||||
35 | File | `backend/groups/index.php` | High
|
||||
36 | File | `bbs/member_confirm.php` | High
|
||||
37 | File | `bottom.php` | Medium
|
||||
38 | File | `breadcrumbs_create.php` | High
|
||||
39 | File | `C:\Program Files\FileZilla FTP Client\uninstall.exe` | High
|
||||
40 | File | `cds-fpdf.php` | Medium
|
||||
41 | File | `common.php` | Medium
|
||||
42 | File | `controllers/member/Api.php` | High
|
||||
43 | File | `core/Web.js` | Medium
|
||||
6 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
7 | File | `/ci_ssms/index.php/orders/create` | High
|
||||
8 | File | `/fw.login.php` | High
|
||||
9 | File | `/home/masterConsole` | High
|
||||
10 | File | `/index.php` | Medium
|
||||
11 | File | `/membres/modif_profil.php` | High
|
||||
12 | File | `/ordering/admin/category/index.php?view=edit` | High
|
||||
13 | File | `/pms/index.php` | High
|
||||
14 | File | `/pms/update_user.php?user_id=1` | High
|
||||
15 | File | `/SimpleBusTicket/index.php` | High
|
||||
16 | File | `/uncpath/` | Medium
|
||||
17 | File | `/usr/bin/pkexec` | High
|
||||
18 | File | `/var/run/docker.sock` | High
|
||||
19 | File | `/wp-admin/admin-ajax.php` | High
|
||||
20 | File | `/xpdf/Stream.cc` | High
|
||||
21 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
22 | File | `addpost_newpoll.php` | High
|
||||
23 | File | `adm-index.php` | High
|
||||
24 | File | `Admin.PHP` | Medium
|
||||
25 | File | `admin.php` | Medium
|
||||
26 | File | `admin.php&r=article/AdminContent/edit` | High
|
||||
27 | File | `admin/expense_report.php` | High
|
||||
28 | File | `admin/index.php` | High
|
||||
29 | File | `admin/ops/reports/ops/forum.php` | High
|
||||
30 | File | `admincp/attachment.php` | High
|
||||
31 | File | `adminedit.pl` | Medium
|
||||
32 | File | `ajax/api/hook/getHookList` | High
|
||||
33 | File | `App\Manage\Controller\ArticleController.class.php` | High
|
||||
34 | File | `archive/index.php` | High
|
||||
35 | File | `auth-gss2.c` | Medium
|
||||
36 | File | `backend/groups/index.php` | High
|
||||
37 | File | `bbs/member_confirm.php` | High
|
||||
38 | File | `bottom.php` | Medium
|
||||
39 | File | `breadcrumbs_create.php` | High
|
||||
40 | File | `C:\Program Files\FileZilla FTP Client\uninstall.exe` | High
|
||||
41 | File | `cds-fpdf.php` | Medium
|
||||
42 | File | `common.php` | Medium
|
||||
43 | File | `controllers/member/Api.php` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 381 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
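Review bot: This hunk carries `Admin.PHP` and `admin.php` as two separate File indicators on adjacent rows, both rated Medium. Nothing in the table says whether indicators are matched case-sensitively, so it is unclear whether these are distinct observations or a duplicate that differs only in case. Suggest either normalising case when the list is generated or adding a note on how consumers are expected to compare File indicators.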
Some files were not shown because too many files have changed in this diff